7.1
CVE-2026-49295
- EPSS 0.23%
- Veröffentlicht 19.06.2026 20:09:22
- Zuletzt bearbeitet 26.06.2026 19:17:19
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
libde265 has an out-of-bounds write in process_reference_picture_set via predicted short-term RPS
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in `decoder_context::process_reference_picture_set()` (`libde265/decctx.cc:1376`). The root cause is a missing aggregate bound check on predicted short-term reference picture set entries. Individual list sizes are validated, but the combined count after predicted RPS construction can exceed the 16-entry `PocStFoll` array, writing at index 16. Version 1.0.20 patches the issue.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.134 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 7.1 | 2.8 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://github.com/strukturag/libde265/security/advisories/GHSA-g2rg-wj66-w594
https://github.com/strukturag/libde265/commit/691f3a3c55b3d32478c4a49895dee061a282652b