Closed blu3sh0rk closed 1 year ago
Thank you
Is it possible to do a patch release in the upcoming weeks that officially addresses this issue (https://nvd.nist.gov/vuln/detail/CVE-2023-27102) Version 1.0.11 was released on Feb 1, 2023 according to https://github.com/strukturag/libde265/releases
Desctiption
A SEGV has occurred when running program dec265 NULL Pointer Dereference in function decoder_context::process_slice_segment_header at decctx.cc:2007:20
Version
Steps to reproduce
POC
https://github.com/blu3sh0rk/Fuzzing-crash/blob/main/SEGV.zip
GDB INFO
Impact
Due to incorrect access control, a SEGV caused by a READ memory access occurred at line 2007 of the code. This issue can cause a Denial of Service attack.