Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/libde265@1.0.8-r2?arch=riscv64&distroversion=v3.20&reponame=main

Type apk

Namespace alpine

Name libde265

Version 1.0.8-r2

Qualifiers

arch	riscv64
distroversion	v3.20
reponame	main

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.0.11-r0

Latest_non_vulnerable_version 1.0.15-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-5pkw-zxxy-p7bn

vulnerability_id VCID-5pkw-zxxy-p7bn

summary

Out-of-bounds Read
An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function `derive_boundaryStrength` of `deblock.cc` has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-36411

reference_id

reference_type

scores

value	0.00156
scoring_system	epss
scoring_elements	0.36033
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-36411

reference_url	https://github.com/strukturag/libde265/issues/302
reference_id
reference_type
scores
url	https://github.com/strukturag/libde265/issues/302

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014977
reference_id	1014977
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014977

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-36411
reference_id	CVE-2021-36411
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-36411

reference_url	https://security.gentoo.org/glsa/202408-20
reference_id	GLSA-202408-20
reference_type
scores
url	https://security.gentoo.org/glsa/202408-20

reference_url	https://usn.ubuntu.com/6627-1/
reference_id	USN-6627-1
reference_type
scores
url	https://usn.ubuntu.com/6627-1/

fixed_packages

url	pkg:apk/alpine/libde265@1.0.8-r2?arch=riscv64&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/libde265@1.0.8-r2?arch=riscv64&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libde265@1.0.8-r2%3Farch=riscv64&distroversion=v3.20&reponame=main

aliases CVE-2021-36411

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5pkw-zxxy-p7bn

url VCID-61un-k2qx-vugt

vulnerability_id VCID-61un-k2qx-vugt

summary

Use After Free
There is a Heap-use-after-free in `intrapred.h` when decoding a file using `dec265`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-36408

reference_id

reference_type

scores

value	0.00103
scoring_system	epss
scoring_elements	0.2784
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-36408

reference_url	https://github.com/strukturag/libde265/issues/299
reference_id
reference_type
scores
url	https://github.com/strukturag/libde265/issues/299

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014977
reference_id	1014977
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014977

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-36408
reference_id	CVE-2021-36408
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-36408

reference_url	https://security.gentoo.org/glsa/202408-20
reference_id	GLSA-202408-20
reference_type
scores
url	https://security.gentoo.org/glsa/202408-20

reference_url	https://usn.ubuntu.com/6617-1/
reference_id	USN-6617-1
reference_type
scores
url	https://usn.ubuntu.com/6617-1/

reference_url	https://usn.ubuntu.com/6627-1/
reference_id	USN-6627-1
reference_type
scores
url	https://usn.ubuntu.com/6627-1/

fixed_packages

url	pkg:apk/alpine/libde265@1.0.8-r2?arch=riscv64&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/libde265@1.0.8-r2?arch=riscv64&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libde265@1.0.8-r2%3Farch=riscv64&distroversion=v3.20&reponame=main

aliases CVE-2021-36408

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-61un-k2qx-vugt

url VCID-dj35-f5dk-zyc9

vulnerability_id VCID-dj35-f5dk-zyc9

summary

Out-of-bounds Write
A stack-buffer-overflow exists in libde265 via `fallback-motion.cc` in function `put_epel_hv_fallback` when running program `dec265`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-36410

reference_id

reference_type

scores

value	0.00088
scoring_system	epss
scoring_elements	0.25121
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-36410

reference_url	https://github.com/strukturag/libde265/issues/301
reference_id
reference_type
scores
url	https://github.com/strukturag/libde265/issues/301

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014977
reference_id	1014977
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014977

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-36410
reference_id	CVE-2021-36410
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-36410

reference_url	https://security.gentoo.org/glsa/202408-20
reference_id	GLSA-202408-20
reference_type
scores
url	https://security.gentoo.org/glsa/202408-20

reference_url	https://usn.ubuntu.com/6627-1/
reference_id	USN-6627-1
reference_type
scores
url	https://usn.ubuntu.com/6627-1/

fixed_packages

url	pkg:apk/alpine/libde265@1.0.8-r2?arch=riscv64&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/libde265@1.0.8-r2?arch=riscv64&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libde265@1.0.8-r2%3Farch=riscv64&distroversion=v3.20&reponame=main

aliases CVE-2021-36410

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dj35-f5dk-zyc9

url VCID-pdaa-ef9h-eyh2

vulnerability_id VCID-pdaa-ef9h-eyh2

summary

Out-of-bounds Write
Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1253

reference_id

reference_type

scores

value	0.00482
scoring_system	epss
scoring_elements	0.65454
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1253

reference_url	https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8
reference_id
reference_type
scores
url	https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8

reference_url	https://huntr.dev/bounties/1-other-strukturag/libde265
reference_id
reference_type
scores
url	https://huntr.dev/bounties/1-other-strukturag/libde265

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014977
reference_id	1014977
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014977

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-1253
reference_id	CVE-2022-1253
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-1253

reference_url	https://security.gentoo.org/glsa/202408-20
reference_id	GLSA-202408-20
reference_type
scores
url	https://security.gentoo.org/glsa/202408-20

reference_url	https://usn.ubuntu.com/6627-1/
reference_id	USN-6627-1
reference_type
scores
url	https://usn.ubuntu.com/6627-1/

fixed_packages

url	pkg:apk/alpine/libde265@1.0.8-r2?arch=riscv64&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/libde265@1.0.8-r2?arch=riscv64&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libde265@1.0.8-r2%3Farch=riscv64&distroversion=v3.20&reponame=main

aliases CVE-2022-1253

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pdaa-ef9h-eyh2

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libde265@1.0.8-r2%3Farch=riscv64&distroversion=v3.20&reponame=main

Package Instance