Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 813486 (CVE-2020-21594, CVE-2020-21595, CVE-2020-21596, CVE-2020-21597, CVE-2020-21598, CVE-2020-21599, CVE-2020-21600, CVE-2020-21601, CVE-2020-21602, CVE-2020-21603, CVE-2020-21604, CVE-2020-21605, CVE-2020-21606, CVE-2021-35452, CVE-2021-36408, CVE-2021-36409, CVE-2021-36410, CVE-2021-36411, CVE-2022-1253)

Summary: media-libs/libde265: multiple vulnerabilities
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: normal CC: media-video
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [upstream]
Package list:
Runtime testing required: ---

Description John Helmert III gentoo-dev Security 2021-09-17 18:40:33 UTC 
CVE-2020-21594 (https://github.com/strukturag/libde265/issues/233):

libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted a file.

CVE-2020-21595 (https://github.com/strukturag/libde265/issues/239):

libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file.

CVE-2020-21596 (https://github.com/strukturag/libde265/issues/236):

libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file.

CVE-2020-21597 (https://github.com/strukturag/libde265/issues/238):

libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file.

CVE-2020-21598 (https://github.com/strukturag/libde265/issues/237):

libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file.

CVE-2020-21599 (https://github.com/strukturag/libde265/issues/235):

libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file.

CVE-2020-21600 (https://github.com/strukturag/libde265/issues/243):

libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file.

CVE-2020-21601 (https://github.com/strukturag/libde265/issues/241):

libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file.

CVE-2020-21602 (https://github.com/strukturag/libde265/issues/242):

libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file.

CVE-2020-21603 (https://github.com/strukturag/libde265/issues/240):

libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file.

CVE-2020-21604 (https://github.com/strukturag/libde265/issues/231):

libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted a file.

CVE-2020-21605 (https://github.com/strukturag/libde265/issues/234):

libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted a file.

CVE-2020-21606 (https://github.com/strukturag/libde265/issues/232):

libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file.


All open upstream.
Comment 1 John Helmert III gentoo-dev Security 2022-01-11 03:22:53 UTC 
CVE-2021-36409 (https://github.com/strukturag/libde265/issues/300):

There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.

CVE-2021-36410 (https://github.com/strukturag/libde265/issues/301):

A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.

CVE-2021-36411 (https://github.com/strukturag/libde265/issues/302):

An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.

CVE-2021-36408 (https://github.com/strukturag/libde265/issues/299):

An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.

CVE-2021-35452 (https://github.com/strukturag/libde265/issues/298):

An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.

All seem unpatched.
Comment 2 John Helmert III gentoo-dev Security 2022-04-09 23:19:52 UTC 
CVE-2022-1253 (https://huntr.dev/bounties/1-other-strukturag/libde265):

Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to 1.0.8.

CVE appears wrong. Patch doesn't seem to be in any releases:

https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8