
[SECURITY] [DLA 3676-1] libde265 security update




-------------------------------------------------------------------------
Debian LTS Advisory DLA-3676-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
November 30, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libde265
Version        : 1.0.11-0+deb10u5
CVE ID         : CVE-2023-27102 CVE-2023-27103 CVE-2023-43887 CVE-2023-47471

Multiple issues were found in libde265, an open source implementation of the H.265 video codec.

CVE-2023-27102

    NULL pointer dereference in function decoder_context::process_slice_segment_header
    at decctx.cc.

CVE-2023-27103

    Heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc.

CVE-2023-43887

    Multiple buffer overflows via the num_tile_columns and num_tile_row parameters in
    the function pic_parameter_set::dump.

CVE-2023-47471

    Buffer overflow vulnerability in strukturag may cause a denial of service via
    the slice_segment_header function in the slice.cc component.

For Debian 10 buster, these problems have been fixed in version
1.0.11-0+deb10u5.

We recommend that you upgrade your libde265 packages.

For the detailed security status of libde265 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libde265

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
