libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file.
https://cwe.mitre.org/data/definitions/122.html
https://github.com/strukturag/libde265/issues/237
https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html