What is CVE-2023-47471?

CVE-2023-47471 is a buffer overflow vulnerability in strukturag libde265 v1.10.12 that allows a local attacker to cause a denial of service.

How does CVE-2023-47471 affect strukturag libde265?

CVE-2023-47471 affects strukturag libde265 v1.10.12, allowing a local attacker to cause a denial of service.

What is the severity of CVE-2023-47471?

The severity of CVE-2023-47471 is medium with a CVSS score of 6.5.

How can CVE-2023-47471 be fixed?

To fix CVE-2023-47471, users should update to a patched version of strukturag libde265 v1.10.12 or later.

Where can I find more information about CVE-2023-47471?

More information about CVE-2023-47471 can be found in the following references: [link 1](https://github.com/strukturag/libde265/issues/426), [link 2](https://github.com/strukturag/libde265/commit/e36b4a1b0bafa53df47514c419d5be3e8916ebc7).

Vulnerability/
CVE-2023-47471

medium

6.5

CWE

119 120

16/11/2023

30/11/2023

CVE-2023-47471: Buffer Overflow

First published: Thu Nov 16 2023(Updated: )

Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Struktur Libde265	=1.0.12
ubuntu/libde265	<1.0.2-2ubuntu0.16.04.1~	1.0.2-2ubuntu0.16.04.1~
ubuntu/libde265	<1.0.2-2ubuntu0.18.04.1~	1.0.2-2ubuntu0.18.04.1~
ubuntu/libde265	<1.0.4-1ubuntu0.4	1.0.4-1ubuntu0.4
ubuntu/libde265	<1.0.8-1ubuntu0.3	1.0.8-1ubuntu0.3
ubuntu/libde265	<1.0.12-2ubuntu0.1	1.0.12-2ubuntu0.1
debian/libde265	<=1.0.3-1<=1.0.11-0+deb11u1	1.0.11-0+deb10u6 1.0.11-0+deb11u3 1.0.11-1+deb12u2 1.0.15-1

Remedy

https://github.com/strukturag/libde265/commit/e36b4a1b0bafa53df47514c419d5be3e8916ebc7

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-6677-1

Frequently Asked Questions

What is CVE-2023-47471?
CVE-2023-47471 is a buffer overflow vulnerability in strukturag libde265 v1.10.12 that allows a local attacker to cause a denial of service.
How does CVE-2023-47471 affect strukturag libde265?
CVE-2023-47471 affects strukturag libde265 v1.10.12, allowing a local attacker to cause a denial of service.
What is the severity of CVE-2023-47471?
The severity of CVE-2023-47471 is medium with a CVSS score of 6.5.
How can CVE-2023-47471 be fixed?
To fix CVE-2023-47471, users should update to a patched version of strukturag libde265 v1.10.12 or later.
Where can I find more information about CVE-2023-47471?
More information about CVE-2023-47471 can be found in the following references: [link 1](https://github.com/strukturag/libde265/issues/426), [link 2](https://github.com/strukturag/libde265/commit/e36b4a1b0bafa53df47514c419d5be3e8916ebc7).

collector/mitre-cve
collector/nvd-api
agent/type
agent/last-modified-date
agent/first-publish-date
agent/severity
agent/remedy
agent/weakness
agent/references
agent/description
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/author
collector/launchpad-cve
source/Launchpad
collector/security-tracker-debian
source/Debian
agent/softwarecombine
agent/tags
agent/event
collector/usn-cve
source/Ubuntu
vendor/struktur
canonical/struktur libde265
version/struktur libde265/1.0.12
package-manager/debian
package-manager/ubuntu