Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for libde265.

CVE-2020-21594[0]:
| libde265 v1.0.4 contains a heap buffer overflow in the
| put_epel_hv_fallback function, which can be exploited via a crafted a
| file.

https://github.com/strukturag/libde265/issues/233

CVE-2020-21595[1]:
| libde265 v1.0.4 contains a heap buffer overflow in the mc_luma
| function, which can be exploited via a crafted a file.

https://github.com/strukturag/libde265/issues/239

CVE-2020-21596[2]:
| libde265 v1.0.4 contains a global buffer overflow in the
| decode_CABAC_bit function, which can be exploited via a crafted a
| file.

https://github.com/strukturag/libde265/issues/236

CVE-2020-21597[3]:
| libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma
| function, which can be exploited via a crafted a file.

https://github.com/strukturag/libde265/issues/238

CVE-2020-21599[4]:
| libde265 v1.0.4 contains a heap buffer overflow in the
| de265_image::available_zscan function, which can be exploited via a
| crafted a file.

https://github.com/strukturag/libde265/issues/235

CVE-2020-21601[5]:
| libde265 v1.0.4 contains a stack buffer overflow in the
| put_qpel_fallback function, which can be exploited via a crafted a
| file.

https://github.com/strukturag/libde265/issues/241

CVE-2020-21603[6]:
| libde265 v1.0.4 contains a heap buffer overflow in the
| put_qpel_0_0_fallback_16 function, which can be exploited via a
| crafted a file.

https://github.com/strukturag/libde265/issues/240

CVE-2020-21604[7]:
| libde265 v1.0.4 contains a heap buffer overflow fault in the
| _mm_loadl_epi64 function, which can be exploited via a crafted a file.

https://github.com/strukturag/libde265/issues/231

CVE-2020-21605[8]:
| libde265 v1.0.4 contains a segmentation fault in the
| apply_sao_internal function, which can be exploited via a crafted a
| file.

https://github.com/strukturag/libde265/issues/234

CVE-2020-21606[9]:
| libde265 v1.0.4 contains a heap buffer overflow fault in the
| put_epel_16_fallback function, which can be exploited via a crafted a
| file.

https://github.com/strukturag/libde265/issues/232

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-21594
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21594
[1] https://security-tracker.debian.org/tracker/CVE-2020-21595
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21595
[2] https://security-tracker.debian.org/tracker/CVE-2020-21596
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21596
[3] https://security-tracker.debian.org/tracker/CVE-2020-21597
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21597
[4] https://security-tracker.debian.org/tracker/CVE-2020-21599
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21599
[5] https://security-tracker.debian.org/tracker/CVE-2020-21601
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21601
[6] https://security-tracker.debian.org/tracker/CVE-2020-21603
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21603
[7] https://security-tracker.debian.org/tracker/CVE-2020-21604
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21604
[8] https://security-tracker.debian.org/tracker/CVE-2020-21605
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21605
[9] https://security-tracker.debian.org/tracker/CVE-2020-21606
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21606

Please adjust the affected versions in the BTS as needed.