CVE-2024-38949

Name

CVE-2024-38949

Description

Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
	https://github.com/strukturag/libde265/issues/460
	https://github.com/zhangteng0526/CVE-information/blob/main/CVE-2024-38949

Match rules

CPE URI	Source package	Min version	Max version
	n/a	== n/a	== n/a
`cpe:2.3:a:struktur:libde265:1.0.15:::::::*`	libde265	== None	== 1.0.15

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
libde265	edge-main	1.0.15-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libde265	edge-main	1.0.15-r1	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libde265	3.22-main	1.0.15-r1	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libde265	3.21-main	1.0.15-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libde265	3.20-main	1.0.15-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libde265	3.19-main	1.0.15-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable