There are 3 open security issues in bookworm.
3 issues left for the package maintainer to handle:
- CVE-2023-51792:
(needs triaging)
Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via the allocation size exceeding the maximum supported size of 0x10000000000.
- CVE-2024-38949:
(postponed; to be fixed through a stable update)
Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc
- CVE-2024-38950:
(postponed; to be fixed through a stable update)
Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function.
You can find information about how to handle these issues in the security team's documentation.