[USN-6764-1] libde265 vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEE2WgtvmwmcgaEBLlnCAvK1QvD6SAFAmY6XLkFAwAAAAAACgkQCAvK1QvD6SAS
Jg/+JY+pomw8GCz3N22LWy8Wxpgy4Q5nNLXKUeboNhqghvcXJF664vVjX4827fJl+/bGpwsyRg7/
6L6ncdis7KSRiw+lUvTyAVilCbL713PNkSKWPIYUVT2qjxQT+qeaFZvbyzAsDtaO7jQI+6bpsG2M
QWTkDDt1gOLYCGj3GPYL3DyhGs8U4wZaaBz9MYutqC6O3oWF6yEbVflpSVLL2SsS2boqfO2wBD9a
/5JKKVXWmLSQDor0vL+hJbwZa1FmV2cXTt/fYGyVlF3L51Na5Zctijpe+t6j+L3ntAhmYpzBvpFC
tq9RYUdkLbF6q8AC29GWA6o5QWC4GjcD053jwGb+3k2PQTH5B8RdBgZhSAdv3zUnyP8BAX/Jucsk
P9Ag/OqzQYxhuBgN3kMB0YpzfqYMC8Mt4M8lc88p5miNUwgpZsj55sSxzt6np3S1tQgTXBAPKPo+
bwUGcNM+4qZoUabLpCGUuuwWCpmAQndlRBZOvQgXM3Dhu38O7KinbWWAU7qEPLVpFdyEAB4TVmMb
1tqgG6VoiSJ3JoC7Lb4sizjUF6z8HF8Q/C5JNI/tWw98DVUYakZjcCEdbu0611pTqq0ops2PYiwt
+pb4LTI9j9Jd1M162ar9hJ3tfpHezzewqSdfMPSBiiLHK/j6nS90fiJQBZnNbVLUpEsbsS+XSnDM
DTc=
=onNo
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6764-1
May 07, 2024

libde265 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

libde265 could be made to crash if it opened a specially crafted
file.

Software Description:
- libde265: Open H.265 video codec implementation

Details:

It was discovered that libde265 could be made to allocate memory that
exceeds the maximum supported size. If a user or automated system were
tricked into opening a specially crafted file, an attacker could possibly
use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10
  libde265-0                      1.0.12-2ubuntu0.2

Ubuntu 22.04 LTS
  libde265-0                      1.0.8-1ubuntu0.3+esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  libde265-0                      1.0.4-1ubuntu0.4+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libde265-0                      1.0.2-2ubuntu0.18.04.1~esm5
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libde265-0                      1.0.2-2ubuntu0.16.04.1~esm5
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6764-1
  CVE-2023-51792

Package Information:
  https://launchpad.net/ubuntu/+source/libde265/1.0.12-2ubuntu0.2