CVE-2020-21596

moderate-risk
Published 2021-09-16

libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file.

Do I need to act?

-
0.27% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
NETWORK / LOW complexity

Affected Products (3)

Affected Vendors

Debian Struktur

References (6)

Exploit https://github.com/strukturag/libde265/issues/236
Mailing List https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html
Third Party Advisory https://www.debian.org/security/2023/dsa-5346
Exploit https://github.com/strukturag/libde265/issues/236
Mailing List https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html
Third Party Advisory https://www.debian.org/security/2023/dsa-5346
34
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 9/34 · Low