First published: Thu Sep 16 2021(Updated: )
libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Struktur Libde265 | =1.0.4 | |
ubuntu/libde265 | <1.0.2-2ubuntu0.18.04.1~ | 1.0.2-2ubuntu0.18.04.1~ |
ubuntu/libde265 | <1.0.4-1ubuntu0.1 | 1.0.4-1ubuntu0.1 |
ubuntu/libde265 | <1.0.2-2ubuntu0.16.04.1~ | 1.0.2-2ubuntu0.16.04.1~ |
debian/libde265 | <=1.0.3-1 | 1.0.11-0+deb10u6 1.0.11-0+deb11u3 1.0.11-0+deb11u1 1.0.11-1+deb12u2 1.0.15-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-21595 is a vulnerability in libde265 v1.0.4 that allows for a heap buffer overflow in the mc_luma function.
CVE-2020-21595 can be exploited by using a crafted file.
CVE-2020-21595 has a severity level of high (6.5).
Versions 1.0.3-1, 1.0.4, 1.0.11-0+deb10u4, 1.0.11-0+deb11u1, 1.0.11-1, and 1.0.12-2 of libde265 are affected by CVE-2020-21595.
To fix CVE-2020-21595, update libde265 to version 1.0.11-0+deb10u4, 1.0.11-0+deb11u1, 1.0.11-1, or 1.0.12-2.