Test ID: 1.3.6.1.4.1.25623.1.0.893280
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DLA-3280-1)
Summary: The remote host is missing an update for the Debian 'libde265' package(s) announced via the DLA-3280-1 advisory.
Description:

Vulnerability Insight:
Multiple issues were found in libde265, an open source implementation of the H.265 video codec, which may result in denial of service or have unspecified other impact.


CVE-2020-21596

libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted file.

CVE-2020-21597

libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted file.

CVE-2020-21598

libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted file.

CVE-2022-43235

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43236

Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43237

Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43238

Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43239

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43240

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43241

Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43242

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43243

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43244

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback in fallback-motion.cc. This vulnerability allows attackers to cause ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'libde265' package(s) on Debian 10.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2020-21596
Debian Security Information: DSA-5346
https://www.debian.org/security/2023/dsa-5346
https://github.com/strukturag/libde265/issues/236
https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-21597
https://github.com/strukturag/libde265/issues/238
Common Vulnerability Exposure (CVE) ID: CVE-2020-21598
https://cwe.mitre.org/data/definitions/122.html
https://github.com/strukturag/libde265/issues/237
Common Vulnerability Exposure (CVE) ID: CVE-2022-43235
https://github.com/strukturag/libde265/issues/337
Common Vulnerability Exposure (CVE) ID: CVE-2022-43236
https://github.com/strukturag/libde265/issues/343
Common Vulnerability Exposure (CVE) ID: CVE-2022-43237
https://github.com/strukturag/libde265/issues/344
Common Vulnerability Exposure (CVE) ID: CVE-2022-43238
https://github.com/strukturag/libde265/issues/336
Common Vulnerability Exposure (CVE) ID: CVE-2022-43239
https://github.com/strukturag/libde265/issues/341
Common Vulnerability Exposure (CVE) ID: CVE-2022-43240
https://github.com/strukturag/libde265/issues/335
Common Vulnerability Exposure (CVE) ID: CVE-2022-43241
https://github.com/strukturag/libde265/issues/338
Common Vulnerability Exposure (CVE) ID: CVE-2022-43242
https://github.com/strukturag/libde265/issues/340
Common Vulnerability Exposure (CVE) ID: CVE-2022-43243
https://github.com/strukturag/libde265/issues/339
Common Vulnerability Exposure (CVE) ID: CVE-2022-43244
https://github.com/strukturag/libde265/issues/342
Common Vulnerability Exposure (CVE) ID: CVE-2022-43245
https://github.com/strukturag/libde265/issues/352
Common Vulnerability Exposure (CVE) ID: CVE-2022-43248
https://github.com/strukturag/libde265/issues/349
Common Vulnerability Exposure (CVE) ID: CVE-2022-43249
https://github.com/strukturag/libde265/issues/345
Common Vulnerability Exposure (CVE) ID: CVE-2022-43250
https://github.com/strukturag/libde265/issues/346
Common Vulnerability Exposure (CVE) ID: CVE-2022-43252
https://github.com/strukturag/libde265/issues/347
Common Vulnerability Exposure (CVE) ID: CVE-2022-43253
https://github.com/strukturag/libde265/issues/348
Common Vulnerability Exposure (CVE) ID: CVE-2022-47655
https://github.com/strukturag/libde265/issues/367
Copyright: Copyright (C) 2023 Greenbone AG
