CVE-2023-43887: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

November 22, 2023 (updated November 30, 2023)

Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump.

References

github.com/strukturag/libde265/commit/63b596c915977f038eafd7647d1db25488a8c133
github.com/strukturag/libde265/issues/418
lists.debian.org/debian-lts-announce/2023/11/msg00032.html
nvd.nist.gov/vuln/detail/CVE-2023-43887

Detect and mitigate CVE-2023-43887 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →