Security Information / 2023 / Security Information -- DSA-5346-1 libde265

Debian Security Advisory

DSA-5346-1 libde265 -- security update

Date Reported:

10 Feb 2023

Affected Packages:

libde265

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 1004963, Bug 1014977, Bug 1014999, Bug 1025816, Bug 1027179, Bug 1029357, Bug 1029396, Bug 1029397.
In Mitre's CVE dictionary: CVE-2020-21594, CVE-2020-21595, CVE-2020-21596, CVE-2020-21597, CVE-2020-21598, CVE-2020-21599, CVE-2020-21600, CVE-2020-21601, CVE-2020-21602, CVE-2020-21603, CVE-2020-21604, CVE-2020-21605, CVE-2020-21606, CVE-2021-35452, CVE-2021-36408, CVE-2021-36409, CVE-2021-36410, CVE-2021-36411, CVE-2022-1253, CVE-2022-43235, CVE-2022-43236, CVE-2022-43237, CVE-2022-43238, CVE-2022-43239, CVE-2022-43240, CVE-2022-43241, CVE-2022-43242, CVE-2022-43243, CVE-2022-43244, CVE-2022-43245, CVE-2022-43248, CVE-2022-43249, CVE-2022-43250, CVE-2022-43252, CVE-2022-43253, CVE-2022-47655.

More information:

Multiple security issues were discovered in libde265, an implementation of the H.265 video codec which may result in denial of service and potentially the execution of arbitrary code if a malformed media file is processed.

For the stable distribution (bullseye), these problems have been fixed in version 1.0.11-0+deb11u1.

We recommend that you upgrade your libde265 packages.

For the detailed security status of libde265 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libde265