English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.893240
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DLA-3240-1)
Summary:The remote host is missing an update for the Debian 'libde265' package(s) announced via the DLA-3240-1 advisory.
Description:Summary:
The remote host is missing an update for the Debian 'libde265' package(s) announced via the DLA-3240-1 advisory.

Vulnerability Insight:
Multiple issues were found in libde265, an open source implementation of the h.265 video codec, which may result in denial of or have unspecified other impact.


CVE-2020-21599

libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file.

CVE-2021-35452

An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.

CVE-2021-36408

libde265 v1.0.8 contains a Heap-use-after-free in intrapred.h when decoding file using dec265.

CVE-2021-36409

There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.

CVE-2021-36410

A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.

CVE-2021-36411

An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.

For Debian 10 buster, these problems have been fixed in version 1.0.3-1+deb10u1.

We recommend that you upgrade your libde265 packages.

For the detailed security status of libde265 please refer to its security tracker page at: [link moved to references]

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references]

Affected Software/OS:
'libde265' package(s) on Debian 10.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-21595
Debian Security Information: DSA-5346 (Google Search)
https://www.debian.org/security/2023/dsa-5346
https://github.com/strukturag/libde265/issues/239
Common Vulnerability Exposure (CVE) ID: CVE-2020-21597
https://github.com/strukturag/libde265/issues/238
https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-21598
https://cwe.mitre.org/data/definitions/122.html
https://github.com/strukturag/libde265/issues/237
Common Vulnerability Exposure (CVE) ID: CVE-2020-21599
https://github.com/strukturag/libde265/issues/235
https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-21600
https://github.com/strukturag/libde265/issues/243
Common Vulnerability Exposure (CVE) ID: CVE-2020-21601
https://github.com/strukturag/libde265/issues/241
Common Vulnerability Exposure (CVE) ID: CVE-2020-21602
https://github.com/strukturag/libde265/issues/242
Common Vulnerability Exposure (CVE) ID: CVE-2020-21603
https://github.com/strukturag/libde265/issues/240
Common Vulnerability Exposure (CVE) ID: CVE-2020-21604
https://github.com/strukturag/libde265/issues/231
Common Vulnerability Exposure (CVE) ID: CVE-2020-21605
https://github.com/strukturag/libde265/issues/234
Common Vulnerability Exposure (CVE) ID: CVE-2020-21606
https://github.com/strukturag/libde265/issues/232
Common Vulnerability Exposure (CVE) ID: CVE-2021-35452
https://github.com/strukturag/libde265/issues/298
Common Vulnerability Exposure (CVE) ID: CVE-2021-36408
https://github.com/strukturag/libde265/issues/299
Common Vulnerability Exposure (CVE) ID: CVE-2021-36409
https://github.com/strukturag/libde265/issues/300
Common Vulnerability Exposure (CVE) ID: CVE-2021-36410
https://github.com/strukturag/libde265/issues/301
Common Vulnerability Exposure (CVE) ID: CVE-2021-36411
https://github.com/strukturag/libde265/issues/302
CopyrightCopyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.