CVE-2023-51792

NameCVE-2023-51792
DescriptionBuffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via the allocation size exceeding the maximum supported size of 0x10000000000.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libde265 (PTS)bullseye1.0.11-0+deb11u3vulnerable
bullseye (security)1.0.11-0+deb11u1vulnerable
bookworm1.0.11-1+deb12u2vulnerable
sid, trixie1.0.15-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libde265source(unstable)1.0.13-1

Notes

[bookworm] - libde265 <no-dsa> (Minor issue)
[bullseye] - libde265 <no-dsa> (Minor issue)
[buster] - libde265 <postponed> (Minor issue)
https://github.com/strukturag/libde265/issues/427
Fixed by: https://github.com/strukturag/libde265/commit/221e767136b8c46c748ae35b79ec9b976b3da301 (v1.0.13)

Search for package or bug name: Reporting problems