strukturag/libde265 v1.1.0

v1.1.0 - security limits

on GitHub

Added de265_security_limits parameters to limit the maximum image size and memory that libde265 will use during decoding.

Security fixes

• CVE TBD (GHSA-g2rg-wj66-w594) - Out-of-bounds write in process_reference_picture_set via predicted short-term RPS
• CVE TBD (GHSA-vv8h-932h-7r86) - Heap buffer overflow in de265_image_get_buffer via SPS dimension integer overflow
• CVE TBD (GHSA-g5hj-rf9f-7vxm) - Unbounded memory accumulation via orphaned slice headers in read_slice_NAL
• (GHSA-x27c-jp65-g395) - Quadratic CPU consumption in NAL parser (remove_stuffing_bytes, resize)