Ubuntu Security Notice 6617-1 - It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
9e3e8cbd9c3a3debf8e66f4b40678f8bde1c3f0e39247249c77cb21c1b7d84c0
==========================================================================
Ubuntu Security Notice USN-6617-1
January 30, 2024
libde265 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in libde265.
Software Description:
- libde265: Open H.265 video codec implementation
Details:
It was discovered that libde265 could be made to write out of bounds. If a
user or automated system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. This issue only affected Ubuntu 16.04
LTS and Ubuntu 18.04 LTS. (CVE-2020-21594)
It was discovered that libde265 could be made to write out of bounds. If a
user or automated system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. (CVE-2020-21595, CVE-2020-21596,
CVE-2020-21599, CVE-2020-21600, CVE-2020-21601, CVE-2020-21602,
CVE-2020-21603, CVE-2020-21604, CVE-2020-21605)
It was discovered that libde265 did not properly manage memory. If a user
or automated system were tricked into opening a specially crafted file, an
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 20.04 LTS.
(CVE-2020-21597, CVE-2020-21598, CVE-2020-21606, CVE-2021-36408)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
libde265-0 1.0.4-1ubuntu0.1
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
libde265-0 1.0.2-2ubuntu0.18.04.1~esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
libde265-0 1.0.2-2ubuntu0.16.04.1~esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6617-1
CVE-2020-21594, CVE-2020-21595, CVE-2020-21596, CVE-2020-21597,
CVE-2020-21598, CVE-2020-21599, CVE-2020-21600, CVE-2020-21601,
CVE-2020-21602, CVE-2020-21603, CVE-2020-21604, CVE-2020-21605,
CVE-2020-21606, CVE-2021-36408
Package Information:
https://launchpad.net/ubuntu/+source/libde265/1.0.4-1ubuntu0.1