CVE-2026-33165

Medium CVSS: 5.5

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctb_info.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay constant but Log2CtbSizeY changes, causing set_SliceHeaderIndex to index past the allocated image metadata array and write 2 bytes past the end of a heap allocation. This issue has been patched in version 1.0.17.

Vendor

Struktur

Product

Libde265

CWE

CWE-787

Yayın Tarihi

2026-03-20 21:17:16

Güncelleme

2026-03-23 20:09:04

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-787 Libde265 MEDIUM Struktur 2026

Referanslar

https://github.com/strukturag/libde265/commit/c7891e412106130b83f8e8ea8b7f907e9449b658 https://github.com/strukturag/libde265/releases/tag/v1.0.17 https://github.com/strukturag/libde265/security/advisories/GHSA-653q-9f73-8hvg

Benzer Kayıtlar

High

CVE-2026-33164

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL u…

Medium

CVE-2025-61147

strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decoder_context::comp…

Medium

CVE-2025-68431

libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the…

Low

CVE-2025-43966

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.

Low

CVE-2025-43967

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a gri…

Medium

CVE-2025-29482

Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Ad…