Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via the allocation size exceeding the maximum supported size of 0x10000000000.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4550 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-4550-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                   Andreas Henriksson     April 27, 2026                                https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : libde265     Version        : 1.0.11-0+deb11u4     CVE ID         : CVE-2023-51792 CVE-2026-33164 CVE-2026-33165     Debian Bug     : 1131468 1131469

    It was found that libde265, an open source implementation of the H.265 video     codec, had multiple vulnerabilities which could lead to both stack and heap     out of bound writes that could lead to denial of service, etc.

    For Debian 11 bullseye, these problems have been fixed in version     1.0.11-0+deb11u4.

    We recommend that you upgrade your libde265 packages.

    For the detailed security status of libde265 please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/libde265

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via     the allocation size exceeding the maximum supported size of 0x10000000000. (CVE-2023-51792)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3a548f46a8 advisory.

    update to 125.0.6422.60

          * High CVE-2024-4947: Type Confusion in V8
          * High CVE-2024-4948: Use after free in Dawn
          * Medium CVE-2024-4949: Use after free in V8
          * Low CVE-2024-4950: Inappropriate implementation in Downloads

    ----

    update to 124.0.6367.201

          * High CVE-2024-4671: Use after free in Visuals


    ----

    - update to 124.0.6367.155

          * High CVE-2024-4558: Use after free in ANGLE
          * High CVE-2024-4559: Heap buffer overflow in WebAudio


    ----

    update to 124.0.6367.118

          * High CVE-2024-4331: Use after free in Picture In Picture
          * High CVE-2024-4368: Use after free in Dawn


    ----

    update to 124.0.6367.91

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-92780a83f9 advisory.

    - update to 124.0.6367.155

          * High CVE-2024-4558: Use after free in ANGLE
          * High CVE-2024-4559: Heap buffer overflow in WebAudio


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-55e7e839f1 advisory.

    - update to 124.0.6367.155

          * High CVE-2024-4558: Use after free in ANGLE
          * High CVE-2024-4559: Heap buffer overflow in WebAudio


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6764-1 advisory.

    It was discovered that libde265 could be made to allocate memory that exceeds the maximum supported size.
    If a user or automated system were tricked into opening a specially crafted file, an attacker could     possibly use this issue to cause a denial of service.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
310419	Debian dla-4550 : libde265-0 - security update	Nessus	Debian Local Security Checks	high
225967	Linux Distros Unpatched Vulnerability : CVE-2023-51792	Nessus	Misc.	low
197490	Fedora 38 : chromium (2024-3a548f46a8)	Nessus	Fedora Local Security Checks	critical
195341	Fedora 40 : chromium (2024-92780a83f9)	Nessus	Fedora Local Security Checks	critical
195322	Fedora 39 : chromium (2024-55e7e839f1)	Nessus	Fedora Local Security Checks	critical
195117	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : libde265 vulnerability (USN-6764-1)	Nessus	Ubuntu Local Security Checks	low

Detections

Analytics

CVE-2023-51792

low

Tenable Plugins

high

low

critical

critical

critical

low