Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 813486 (CVE-2020-21594, CVE-2020-21595, CVE-2020-21596, CVE-2020-21597, CVE-2020-21598, CVE-2020-21599, CVE-2020-21600, CVE-2020-21601, CVE-2020-21602, CVE-2020-21603, CVE-2020-21604, CVE-2020-21605, CVE-2020-21606) - media-libs/libde265: multiple vulnerabilities
Summary: media-libs/libde265: multiple vulnerabilities
Status: CONFIRMED
Alias: CVE-2020-21594, CVE-2020-21595, CVE-2020-21596, CVE-2020-21597, CVE-2020-21598, CVE-2020-21599, CVE-2020-21600, CVE-2020-21601, CVE-2020-21602, CVE-2020-21603, CVE-2020-21604, CVE-2020-21605, CVE-2020-21606
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [upstream]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-09-17 18:40 UTC by John Helmert III
Modified: 2021-09-17 18:40 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2021-09-17 18:40:33 UTC
CVE-2020-21594 (https://github.com/strukturag/libde265/issues/233):

libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted a file.

CVE-2020-21595 (https://github.com/strukturag/libde265/issues/239):

libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file.

CVE-2020-21596 (https://github.com/strukturag/libde265/issues/236):

libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file.

CVE-2020-21597 (https://github.com/strukturag/libde265/issues/238):

libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file.

CVE-2020-21598 (https://github.com/strukturag/libde265/issues/237):

libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file.

CVE-2020-21599 (https://github.com/strukturag/libde265/issues/235):

libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file.

CVE-2020-21600 (https://github.com/strukturag/libde265/issues/243):

libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file.

CVE-2020-21601 (https://github.com/strukturag/libde265/issues/241):

libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file.

CVE-2020-21602 (https://github.com/strukturag/libde265/issues/242):

libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file.

CVE-2020-21603 (https://github.com/strukturag/libde265/issues/240):

libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file.

CVE-2020-21604 (https://github.com/strukturag/libde265/issues/231):

libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted a file.

CVE-2020-21605 (https://github.com/strukturag/libde265/issues/234):

libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted a file.

CVE-2020-21606 (https://github.com/strukturag/libde265/issues/232):

libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file.


All open upstream.