CVE-2023-49467 — Vulnetix

CVE-2023-49467 PUBLISHED CVSS 8.800000190734863 HIGH

Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc.

EPSS 0.15% · 35.1th percentile

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

0.15%

35.1th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a, n/a
struktur	libde265	1.0.14, 1.0.14, 1.0.14

Timeline

Dec 7, 2023 CVE Published
Dec 8, 2023 EPSS Score
Dec 31, 2023 PoC Published
Jan 6, 2024 EPSS Score
Feb 5, 2024 EPSS Score
Mar 5, 2024 EPSS Score
Apr 4, 2024 EPSS Score
May 3, 2024 EPSS Score
Jun 1, 2024 EPSS Score
Jul 1, 2024 EPSS Score
Aug 28, 2024 EPSS Score
Sep 27, 2024 EPSS Score

References

https://github.com/strukturag/libde265/issues/434 url
[debian-lts-announce] 20231230 [SECURITY] [DLA 3699-1] libde265 security update mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2023-49467 advisory

Open in Interactive Console →