Retesting to see if my patches have any effect on this. "Cannot reproduce" means I cannot reproduce without my patches applied.

TL;DR: Can reproduce CVE-2020-21596, CVE-2020-21601.

-- tobi

On Sat, 16 Jul 2022 00:32:59 +0200 Moritz Mühlenhoff <j...@inutil.org> wrote:
> Source: libde265
> X-Debbugs-CC: t...@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerabilities were published for libde265.
>
> CVE-2020-21594[0]:
> | libde265 v1.0.4 contains a heap buffer overflow in the
> | put_epel_hv_fallback function, which can be exploited via a crafted
> | file.
>
> https://github.com/strukturag/libde265/issues/233

Cannot reproduce with the poc in the upstream issue.

> CVE-2020-21595[1]:
> | libde265 v1.0.4 contains a heap buffer overflow in the mc_luma
> | function, which can be exploited via a crafted file.
>
> https://github.com/strukturag/libde265/issues/239

Cannot reproduce with the poc in the upstream issue.

> CVE-2020-21596[2]:
> | libde265 v1.0.4 contains a global buffer overflow in the
> | decode_CABAC_bit function, which can be exploited via a crafted
> | file.
>
> https://github.com/strukturag/libde265/issues/236

CAN STILL REPRODUCE with the poc in the upstream issue.

> CVE-2020-21597[3]:
> | libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma
> | function, which can be exploited via a crafted file.
>
> https://github.com/strukturag/libde265/issues/238

Cannot reproduce with the poc in the upstream issue.

> CVE-2020-21599[4]:
> | libde265 v1.0.4 contains a heap buffer overflow in the
> | de265_image::available_zscan function, which can be exploited via a
> | crafted file.
>
> https://github.com/strukturag/libde265/issues/235

Cannot reproduce with the poc in the upstream issue.

> CVE-2020-21601[5]:
> | libde265 v1.0.4 contains a stack buffer overflow in the
> | put_qpel_fallback function, which can be exploited via a crafted
> | file.
>
> https://github.com/strukturag/libde265/issues/241

CAN REPRODUCE, one of the two pocs still triggers.

> CVE-2020-21603[6]:
> | libde265 v1.0.4 contains a heap buffer overflow in the
> | put_qpel_0_0_fallback_16 function, which can be exploited via a
> | crafted file.
>
> https://github.com/strukturag/libde265/issues/240

Cannot reproduce with the poc in the upstream issue.

> CVE-2020-21604[7]:
> | libde265 v1.0.4 contains a heap buffer overflow fault in the
> | _mm_loadl_epi64 function, which can be exploited via a crafted file.
>
> https://github.com/strukturag/libde265/issues/231

Cannot reproduce with the poc in the upstream issue.

> CVE-2020-21605[8]:
> | libde265 v1.0.4 contains a segmentation fault in the
> | apply_sao_internal function, which can be exploited via a crafted
> | file.
>
> https://github.com/strukturag/libde265/issues/234

Cannot reproduce with the poc in the upstream issue.

> CVE-2020-21606[9]:
> | libde265 v1.0.4 contains a heap buffer overflow fault in the
> | put_epel_16_fallback function, which can be exploited via a crafted
> | file.
>
> https://github.com/strukturag/libde265/issues/232

Cannot reproduce with the poc in the upstream issue.

-- tobi
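The retest above is a matrix of ten upstream PoCs against one patched build, and the status of each is decided by whether the decoder crashes. The script below is an added example, not part of this bug report or of libde265, that automates that matrix so it can be rerun after every patch revision. It assumes (none of this is stated in the thread) that libde265 was built with `-fsanitize=address -g`, that the example decoder is at `$DEC265` (libde265's `dec265`, invoked here with `-q` to skip image output), and that each upstream PoC has been saved under `$POC_DIR/issue-<N>/`, named after the GitHub issue number quoted in the report. A run is classified as reproducing when the decoder emits a sanitizer report, trips an assertion, or dies from a signal; anything else is recorded as no crash, which corresponds to "Cannot reproduce" in the mail.

```shell
#!/bin/sh
# Added example (not from the bug report or the libde265 project):
# re-run every upstream PoC against an ASan-instrumented dec265 and
# print one status line per PoC file.
#
# Assumptions, all labelled here because the thread does not state them:
#   DEC265  - path to an ASan build of libde265's dec265 example decoder
#   POC_DIR - directory holding $POC_DIR/issue-<N>/<poc files>
DEC265="${DEC265:-./dec265/dec265}"
POC_DIR="${POC_DIR:-./pocs}"

# CVE -> upstream issue number, copied from the report quoted above.
CVE_ISSUES='
CVE-2020-21594 233
CVE-2020-21595 239
CVE-2020-21596 236
CVE-2020-21597 238
CVE-2020-21599 235
CVE-2020-21601 241
CVE-2020-21603 240
CVE-2020-21604 231
CVE-2020-21605 234
CVE-2020-21606 232
'

# classify_run EXIT_CODE STDERR_TEXT
# Prints "reproduces" if the run looks like a crash: a sanitizer report,
# a failed assert(), or a signal exit (the shell reports those as >= 128).
# Prints "no-crash" otherwise.
classify_run() {
  code="$1"
  log="$2"
  case "$log" in
    *"ERROR: AddressSanitizer"*|*"ERROR: UndefinedBehaviorSanitizer"*|*"Assertion"*)
      echo reproduces
      return 0
      ;;
  esac
  if [ "$code" -ge 128 ]; then
    echo reproduces
    return 0
  fi
  echo no-crash
}

# run_poc FILE
# Decode FILE once, capture stderr (stdout is discarded), classify.
run_poc() {
  f="$1"
  err=$("$DEC265" -q "$f" 2>&1 >/dev/null)
  classify_run "$?" "$err"
}

# retest_all
# Walk the CVE table and report each PoC; a missing PoC directory is
# reported rather than silently skipped so the matrix stays complete.
retest_all() {
  printf '%s\n' "$CVE_ISSUES" | while read -r cve issue; do
    [ -n "$cve" ] || continue
    found=0
    for f in "$POC_DIR/issue-$issue"/*; do
      [ -f "$f" ] || continue
      found=1
      printf '%s issue-%s %s: %s\n' "$cve" "$issue" "$(basename "$f")" "$(run_poc "$f")"
    done
    [ "$found" -eq 1 ] || printf '%s issue-%s: no poc found under %s\n' "$cve" "$issue" "$POC_DIR"
  done
}

# Only run the matrix when the decoder actually exists, so the file can
# also be sourced for its functions.
[ -x "$DEC265" ] && retest_all
```

Run it once on the unpatched build and once on the patched build and diff the two outputs; any line that flips from `reproduces` to `no-crash` is a PoC the patch set neutralised, and any that stays `reproduces` (CVE-2020-21596 and one of the two CVE-2020-21601 files in the report above) still needs work. Because the report notes that issue 241 carries two PoCs, the script prints one line per file rather than one per CVE.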