Bug#1014999: libde265: CVE-2020-21594 CVE-2020-21595 CVE-2020-21596 CVE-2020-21597 CVE-2020-21599 CVE-2020-21601 CVE-2020-21603 CVE-2020-21604 CVE-2020-21605 CVE-2020-21606
Retesting to see if my patches have any effects on this.
"Cannot reproduce" means I cannot reproduce without my patches applied.
TL;DR: Can reproduce CVE-2020-21596, CVE-2020-21601.
--
tobi
On Sat, 16 Jul 2022 00:32:59 +0200 Moritz Mühlenhoff <jmm@inutil.org> wrote:
> Source: libde265
> X-Debbugs-CC: team@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerabilities were published for libde265.
>
> CVE-2020-21594[0]:
> | libde265 v1.0.4 contains a heap buffer overflow in the
> | put_epel_hv_fallback function, which can be exploited via a crafted a
> | file.
>
> https://github.com/strukturag/libde265/issues/233
Cannot reproduce with the poc in the upstream issue.
> CVE-2020-21595[1]:
> | libde265 v1.0.4 contains a heap buffer overflow in the mc_luma
> | function, which can be exploited via a crafted a file.
>
> https://github.com/strukturag/libde265/issues/239
Cannot reproduce with the poc in the upstream issue.
> CVE-2020-21596[2]:
> | libde265 v1.0.4 contains a global buffer overflow in the
> | decode_CABAC_bit function, which can be exploited via a crafted a
> | file.
>
> https://github.com/strukturag/libde265/issues/236
CAN STILL REPRODUCE with the poc in the upstream issue.
>
> CVE-2020-21597[3]:
> | libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma
> | function, which can be exploited via a crafted a file.
>
> https://github.com/strukturag/libde265/issues/238
Cannot reproduce with the poc in the upstream issue.
> CVE-2020-21599[4]:
> | libde265 v1.0.4 contains a heap buffer overflow in the
> | de265_image::available_zscan function, which can be exploited via a
> | crafted a file.
>
> https://github.com/strukturag/libde265/issues/235
Cannot reproduce with the poc in the upstream issue.
> CVE-2020-21601[5]:
> | libde265 v1.0.4 contains a stack buffer overflow in the
> | put_qpel_fallback function, which can be exploited via a crafted a
> | file.
>
> https://github.com/strukturag/libde265/issues/241
CAN REPRODUCE, one of the two pocs still triggers.
>
> CVE-2020-21603[6]:
> | libde265 v1.0.4 contains a heap buffer overflow in the
> | put_qpel_0_0_fallback_16 function, which can be exploited via a
> | crafted a file.
>
> https://github.com/strukturag/libde265/issues/240
Cannot reproduce with the poc in the upstream issue.
>
> CVE-2020-21604[7]:
> | libde265 v1.0.4 contains a heap buffer overflow fault in the
> | _mm_loadl_epi64 function, which can be exploited via a crafted a file.
>
> https://github.com/strukturag/libde265/issues/231
Cannot reproduce with the poc in the upstream issue.
> CVE-2020-21605[8]:
> | libde265 v1.0.4 contains a segmentation fault in the
> | apply_sao_internal function, which can be exploited via a crafted a
> | file.
>
> https://github.com/strukturag/libde265/issues/234
>
Cannot reproduce with the poc in the upstream issue.
> CVE-2020-21606[9]:
> | libde265 v1.0.4 contains a heap buffer overflow fault in the
> | put_epel_16_fallback function, which can be exploited via a crafted a
> | file.
>
> https://github.com/strukturag/libde265/issues/232
Cannot reproduce with the poc in the upstream issue.
--
tobi