Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:conan/libde265@1.0.9
Typeconan
Namespace
Namelibde265
Version1.0.9
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.0.12
Latest_non_vulnerable_version1.0.15
Affected_by_vulnerabilities
0
url VCID-77sx-rq4k-7kgd
vulnerability_id VCID-77sx-rq4k-7kgd
summary 
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qpel_pixels_8_sse
references
0
reference_url https://github.com/strukturag/libde265/issues/368
reference_id
reference_type
scores
url https://github.com/strukturag/libde265/issues/368
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-47664
reference_id CVE-2022-47664
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-47664
fixed_packages
aliases CVE-2022-47664
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-77sx-rq4k-7kgd
1
url VCID-86ed-z2u5-kffr
vulnerability_id VCID-86ed-z2u5-kffr
summary 
Out-of-bounds Write
Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int)
references
0
reference_url https://github.com/strukturag/libde265/issues/369
reference_id
reference_type
scores
url https://github.com/strukturag/libde265/issues/369
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-47665
reference_id CVE-2022-47665
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-47665
fixed_packages
aliases CVE-2022-47665
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-86ed-z2u5-kffr
Fixing_vulnerabilities
0
url VCID-5r6a-uvfy-b3d1
vulnerability_id VCID-5r6a-uvfy-b3d1
summary 
Out-of-bounds Read
An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function `derive_boundaryStrength` of `deblock.cc` has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.
references
0
reference_url https://github.com/strukturag/libde265/issues/302
reference_id
reference_type
scores
url https://github.com/strukturag/libde265/issues/302
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-36411
reference_id CVE-2021-36411
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-36411
fixed_packages
0
url pkg:conan/libde265@1.0.9
purl pkg:conan/libde265@1.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-77sx-rq4k-7kgd
1
vulnerability VCID-86ed-z2u5-kffr
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/libde265@1.0.9
aliases CVE-2021-36411
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5r6a-uvfy-b3d1
1
url VCID-aevu-s8rp-f7es
vulnerability_id VCID-aevu-s8rp-f7es
summary An Out-of-bounds Read vulnerability exists in libde265 due to a SEGV in `slice.cc`.
references
0
reference_url https://github.com/strukturag/libde265/issues/298
reference_id
reference_type
scores
url https://github.com/strukturag/libde265/issues/298
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-35452
reference_id CVE-2021-35452
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-35452
fixed_packages
0
url pkg:conan/libde265@1.0.9
purl pkg:conan/libde265@1.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-77sx-rq4k-7kgd
1
vulnerability VCID-86ed-z2u5-kffr
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/libde265@1.0.9
aliases CVE-2021-35452
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aevu-s8rp-f7es
2
url VCID-cp59-hynh-bydw
vulnerability_id VCID-cp59-hynh-bydw
summary 
Reachable Assertion
There is an Assertion `scaling_list_pred_matrix_id_delta==1` failed at `sps.cc:925` in libde265 when decoding a file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.
references
0
reference_url https://github.com/strukturag/libde265/issues/300
reference_id
reference_type
scores
url https://github.com/strukturag/libde265/issues/300
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-36409
reference_id CVE-2021-36409
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-36409
fixed_packages
0
url pkg:conan/libde265@1.0.9
purl pkg:conan/libde265@1.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-77sx-rq4k-7kgd
1
vulnerability VCID-86ed-z2u5-kffr
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/libde265@1.0.9
aliases CVE-2021-36409
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cp59-hynh-bydw
3
url VCID-rqqd-ptxb-rqf8
vulnerability_id VCID-rqqd-ptxb-rqf8
summary 
Out-of-bounds Write
Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.
references
0
reference_url https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8
reference_id
reference_type
scores
url https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8
1
reference_url https://huntr.dev/bounties/1-other-strukturag/libde265
reference_id
reference_type
scores
url https://huntr.dev/bounties/1-other-strukturag/libde265
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1253
reference_id CVE-2022-1253
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-1253
fixed_packages
0
url pkg:conan/libde265@1.0.9
purl pkg:conan/libde265@1.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-77sx-rq4k-7kgd
1
vulnerability VCID-86ed-z2u5-kffr
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/libde265@1.0.9
aliases CVE-2022-1253
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqqd-ptxb-rqf8
4
url VCID-v5w4-wgke-8kd1
vulnerability_id VCID-v5w4-wgke-8kd1
summary 
Use After Free
There is a Heap-use-after-free in `intrapred.h` when decoding a file using `dec265`.
references
0
reference_url https://github.com/strukturag/libde265/issues/299
reference_id
reference_type
scores
url https://github.com/strukturag/libde265/issues/299
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-36408
reference_id CVE-2021-36408
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-36408
fixed_packages
0
url pkg:conan/libde265@1.0.9
purl pkg:conan/libde265@1.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-77sx-rq4k-7kgd
1
vulnerability VCID-86ed-z2u5-kffr
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/libde265@1.0.9
aliases CVE-2021-36408
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v5w4-wgke-8kd1
5
url VCID-ymdg-prmu-vybr
vulnerability_id VCID-ymdg-prmu-vybr
summary 
Out-of-bounds Write
A stack-buffer-overflow exists in libde265 via `fallback-motion.cc` in function `put_epel_hv_fallback` when running program `dec265`.
references
0
reference_url https://github.com/strukturag/libde265/issues/301
reference_id
reference_type
scores
url https://github.com/strukturag/libde265/issues/301
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-36410
reference_id CVE-2021-36410
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-36410
fixed_packages
0
url pkg:conan/libde265@1.0.9
purl pkg:conan/libde265@1.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-77sx-rq4k-7kgd
1
vulnerability VCID-86ed-z2u5-kffr
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/libde265@1.0.9
aliases CVE-2021-36410
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ymdg-prmu-vybr
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:conan/libde265@1.0.9