CVE Catalog

CVE-2026-49346

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

13th percentile — higher than 13% of all known CVEs

Summary

In libde265 prior to version 1.1.0, a signed integer overflow vulnerability was found in the `de265_image_get_buffer()` function. A crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes the plane allocation size to wrap to a small value (~1 KB), while the subsequent `fill_image()` call writes approximately 4 GB of data into the undersized heap buffer, leading to a heap buffer overflow.

Risk Assessment

An attacker can remotely cause memory corruption and potentially take control of an application using libde265, which may lead to data leakage or denial of service.

Recommendation

Immediately update libde265 to version 1.1.0 or later, which contains a fix for this vulnerability.

Original NVD description (English source)

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in `de265_image_get_buffer()` (`libde265/image.cc:128`). The overflow wraps the plane allocation size to a small value (~1 KB), but the subsequent `fill_image()` call computes the real size using `size_t`, writing ~4 GB into the undersized heap buffer. Version 1.1.0 patches the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS