Bug#1056187: libde265: CVE-2023-47471

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1056187: libde265: CVE-2023-47471
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 18 Nov 2023 15:54:59 +0100
Message-id: <[🔎] 170031929978.3151185.726979517997783071.reportbug@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1056187@bugs.debian.org

Source: libde265
Version: 1.0.12-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/strukturag/libde265/issues/426
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for libde265.

CVE-2023-47471[0]:
| Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows
| a local attacker to cause a denial of service via the
| slice_segment_header function in the slice.cc component.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-47471
    https://www.cve.org/CVERecord?id=CVE-2023-47471
[1] https://github.com/strukturag/libde265/issues/426
[2] https://github.com/strukturag/libde265/commit/e36b4a1b0bafa53df47514c419d5be3e8916ebc7

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply to:

Follow-Ups:
- Bug#1056187: marked as done (libde265: CVE-2023-47471)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: ffmpeg_5.1.4-0+deb12u1_source.changes ACCEPTED into proposed-updates
Next by Date: Processed: Re: Bug#1056141: nvenc encoder not available after installing libnvidia-encode1 and enabling ffnvcodec
Previous by thread: ffmpeg_5.1.4-0+deb12u1_source.changes ACCEPTED into proposed-updates
Next by thread: Bug#1056187: marked as done (libde265: CVE-2023-47471)
Index(es):
- Date
- Thread