libde265 v1.0.4 contains a heap buffer overflow in the ffhevcputunweightedpred8sse function, which can be exploited via a crafted a file.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1.0.4-1ubuntu0.1", "binary_name": "libde265-0" }, { "binary_version": "1.0.4-1ubuntu0.1", "binary_name": "libde265-0-dbgsym" }, { "binary_version": "1.0.4-1ubuntu0.1", "binary_name": "libde265-dev" }, { "binary_version": "1.0.4-1ubuntu0.1", "binary_name": "libde265-examples" }, { "binary_version": "1.0.4-1ubuntu0.1", "binary_name": "libde265-examples-dbgsym" } ] }