CVE-2023-25221 — Vulnetix

CVE-2023-25221 PUBLISHED CVSS 6.5 MEDIUM

Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc.

EPSS 0.04% · 11.7th percentile

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

EPSS Score

0.04%

11.7th percentile

Affected Products

Vendor	Product	Versions
debian	debian_linux	10.0, 10.0, 10.0
ibm	spectrum_fusion_hci	2.5.2
struktur	libde265	1.0.10, 1.0.10, 1.0.10
IBM	Spectrum Fusion HCI	2.5.2
n/a	n/a	n/a

Exploit Intelligence

https://github.com/strukturag/libde265/issues/388 (nist-nvd)
https://lists.debian.org/debian-lts-announce/2025/09/msg00025.html (circl)
https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html (circl)
https://www.ibm.com/support/pages/node/7151040 (circl)
https://exchange.xforce.ibmcloud.com/vulnerabilities/266807 (circl)
[debian-lts-announce] 20230304 [SECURITY] [DLA 3352-1] libde265 security update (circl)

Timeline

Mar 1, 2023 CVE Published
Mar 2, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 10, 2023 CVE Updated
Apr 10, 2023 EPSS Score
May 19, 2023 EPSS Score
Jun 27, 2023 EPSS Score
Aug 6, 2023 EPSS Score
Sep 14, 2023 EPSS Score
Oct 23, 2023 EPSS Score
Dec 1, 2023 EPSS Score
Jan 9, 2024 EPSS Score

References

https://github.com/strukturag/libde265/issues/388 url
[debian-lts-announce] 20230304 [SECURITY] [DLA 3352-1] libde265 security update mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2023-25221 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24838 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24848 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24845 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24840 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24850 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24837 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24836 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24844 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24842 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24843 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24839 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24841 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24827 advisory
https://www.ibm.com/support/pages/node/7151040 vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/266807 vdb
https://lists.debian.org/debian-lts-announce/2025/09/msg00025.html url
https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html url

Open in Interactive Console →