CVE-2026-33164

CVE-2026-33164

Name

CVE-2026-33164

Description

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in pic_parameter_set::set_derived_values(). This issue has been patched in version 1.0.17.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security-advisories@github.com	https://github.com/strukturag/libde265/releases/tag/v1.0.17
security-advisories@github.com	https://github.com/strukturag/libde265/security/advisories/GHSA-wqrf-6rf5-v78r

Type

URI

security-advisories@github.com

https://github.com/strukturag/libde265/releases/tag/v1.0.17

security-advisories@github.com

https://github.com/strukturag/libde265/security/advisories/GHSA-wqrf-6rf5-v78r

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:struktur:libde265::::::::`	libde265	>= None	< 1.0.17

CPE URI

Source package

Min version

Max version

cpe:2.3:a:struktur:libde265:*:*:*:*:*:*:*:*

libde265

>= None

< 1.0.17

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
libde265	edge-main	1.0.16-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libde265	edge-main	1.0.15-r1	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libde265	edge-main	1.0.15-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libde265	edge-main	1.0.11-r2	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libde265	edge-main	1.0.11-r1	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libde265	edge-main	1.0.11-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libde265	edge-main	1.0.8-r2	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libde265	3.23-main	1.0.16-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libde265	3.22-main	1.0.15-r1	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libde265	3.22-main	1.0.15-r0	None	possibly vulnerable
libde265	3.22-main	1.0.11-r1	None	possibly vulnerable
libde265	3.22-main	1.0.11-r0	None	possibly vulnerable
libde265	3.22-main	1.0.8-r2	None	possibly vulnerable
libde265	3.21-main	1.0.15-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libde265	3.21-main	1.0.11-r1	None	possibly vulnerable
libde265	3.21-main	1.0.11-r0	None	possibly vulnerable
libde265	3.21-main	1.0.8-r2	None	possibly vulnerable
libde265	3.20-main	1.0.15-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libde265	3.20-main	1.0.11-r1	None	possibly vulnerable
libde265	3.20-main	1.0.11-r0	None	possibly vulnerable
libde265	3.20-main	1.0.8-r2	None	possibly vulnerable
libde265	3.19-main	1.0.15-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libde265	3.19-main	1.0.11-r1	None	possibly vulnerable
libde265	3.19-main	1.0.11-r0	None	possibly vulnerable
libde265	3.19-main	1.0.8-r2	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

libde265

edge-main

1.0.16-r0

Jakub Jirutka <jakub@jirutka.cz>

possibly vulnerable

libde265

edge-main