The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 421c0af9-b206-11ed-9fe5-f4a47516fb57 advisory.

  - libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be     exploited via a crafted a file. (CVE-2020-21594)

  - libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a     crafted a file. (CVE-2020-21595)

  - libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited     via a crafted a file. (CVE-2020-21596)

  - libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a     crafted a file. (CVE-2020-21597)

  - libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which     can be exploited via a crafted a file. (CVE-2020-21598)

  - libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be     exploited via a crafted a file. (CVE-2020-21599)

  - libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which     can be exploited via a crafted a file. (CVE-2020-21600)

  - libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited     via a crafted a file. (CVE-2020-21601)

  - libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can     be exploited via a crafted a file. (CVE-2020-21602)

  - libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be     exploited via a crafted a file. (CVE-2020-21603)

  - libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be     exploited via a crafted a file. (CVE-2020-21604)

  - libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited     via a crafted a file. (CVE-2020-21605)

  - libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be     exploited via a crafted a file. (CVE-2020-21606)

  - Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix     is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official     release. (CVE-2022-1253)

  - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via     put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a     Denial of Service (DoS) via a crafted video file. (CVE-2022-43236)

  - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void     put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a     Denial of Service (DoS) via a crafted video file. (CVE-2022-43237)

  - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-     motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video     file. (CVE-2022-43238)

  - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned     short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted     video file. (CVE-2022-43239)

  - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via     ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial     of Service (DoS) via a crafted video file. (CVE-2022-43240)

  - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-     motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video     file. (CVE-2022-43241)

  - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char>     in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video     file. (CVE-2022-43242)

  - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via     ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a     Denial of Service (DoS) via a crafted video file. (CVE-2022-43243)

  - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via     put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a     Denial of Service (DoS) via a crafted video file. (CVE-2022-43244)

  - Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short>     in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video     file. (CVE-2022-43245)

  - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via     put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a     Denial of Service (DoS) via a crafted video file. (CVE-2022-43248)

  - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via     put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a     Denial of Service (DoS) via a crafted video file. (CVE-2022-43249)

  - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via     put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of     Service (DoS) via a crafted video file. (CVE-2022-43250)

  - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in     fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted     video file. (CVE-2022-43252)

  - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via     put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a     Denial of Service (DoS) via a crafted video file. (CVE-2022-43253)

  - Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short>     (CVE-2022-47655)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

FreeBSD : libde256 -- multiple vulnerabilities (421c0af9-b206-11ed-9fe5-f4a47516fb57)

critical Nessus Plugin ID 171744

Version 1.2

Version 1.1

Version 1.0

Version 1.2 Nov 6, 2023, 6:46 PM Plugin metadata Plugin Feed: 202311061846
Version 1.1 Sep 1, 2023, 2:16 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202309011416
Version 1.0 Feb 22, 2023, 5:56 AM New Plugin Feed: 202302220556