Source: libde265
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for libde265.

CVE-2023-49465[0]:
| Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow
| vulnerability in the derive_spatial_luma_vector_prediction function
| at motion.cc.

https://github.com/strukturag/libde265/issues/435

CVE-2023-49467[1]:
| Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow
| vulnerability in the derive_combined_bipredictive_merging_candidates
| function at motion.cc.

https://github.com/strukturag/libde265/issues/434

CVE-2023-49468[2]:
| Libde265 v1.0.14 was discovered to contain a global buffer overflow
| vulnerability in the read_coding_unit function at slice.cc.

https://github.com/strukturag/libde265/issues/432
Fixed by: https://github.com/strukturag/libde265/commit/3e822a3ccf88df1380b165d6ce5a00494a27ceeb

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-49465
    https://www.cve.org/CVERecord?id=CVE-2023-49465
[1] https://security-tracker.debian.org/tracker/CVE-2023-49467
    https://www.cve.org/CVERecord?id=CVE-2023-49467
[2] https://security-tracker.debian.org/tracker/CVE-2023-49468
    https://www.cve.org/CVERecord?id=CVE-2023-49468

Please adjust the affected versions in the BTS as needed.

