Closed blu3sh0rk closed 1 year ago
Thank you
This vulnerability has a CVE number: CVE-2023-27103. Has this been fixed?
Could you please generate a new version of this library (i.e. 1.0.12) with the fix in https://github.com/strukturag/libde265/commit/d6bf73e765b7a23627bfd7a8645c143fd9097995 ?
Description
A heap-buffer-overflow has occurred when running program dec265 in function derive_collocated_motion_vectors at motion.cc:1259:41
Version
Steps to reproduce
POC
https://github.com/blu3sh0rk/Fuzzing-crash/blob/main/Heap-overflow-POC1.zip
Code in function derive_collocated_motion_vectors at motion.cc:1259:41
Impact
Potentially causing DoS and RCE