libde265 has an unbounded memory leak via orphaned slice headers...

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Description

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes `decoder_context::read_slice_NAL()` (`libde265/decctx.cc:481`) to attach slice headers to a finished picture object
that has no active image unit, resulting in attacker-controlled unbounded heap growth. The retained headers are never freed until the picture is released, which may not happen during continuous streaming. Version 1.0.20 patches the issue.

Basic Information

ID CVE-2026-49337

Source GitHub_M

Published Jun 19, 2026 at 19:53

Modified Jun 19, 2026 at 20:10

Affected Product

Vendor strukturag

Product libde265

Version < 1.0.20

Affected Versions strukturag libde265 < 1.0.20

CWE Classification

CWE-770

References

{
    "lastseen": "",
    "description": "libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes `decoder_context::read_slice_NAL()` (`libde265/decctx.cc:481`) to attach slice headers to a finished picture object\nthat has no active image unit, resulting in attacker-controlled unbounded heap growth. The retained headers are never freed until the picture is released, which may not happen during continuous streaming. Version 1.0.20 patches the issue.",
    "published": "2026-06-19T19:53:18.817Z",
    "modified": "2026-06-19T20:10:36.194Z",
    "type": "cve",
    "title": "libde265 has an unbounded memory leak via orphaned slice headers in `read_slice_NAL`",
    "source": "GitHub_M",
    "references": "https://github.com/strukturag/libde265/security/advisories/GHSA-g5hj-rf9f-7vxm\nhttps://github.com/strukturag/libde265/commit/683cb9fa603e35840642f98765ab95cdb71cadf9",
    "id": "CVE-2026-49337",
    "bulletinFamily": "",
    "cwe": [
        "CWE-770"
    ],
    "cvelist": null,
    "sourceData": "strukturag libde265 < 1.0.20",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "libde265",
    "version": "< 1.0.20",
    "vendor": "strukturag",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

libde265 has an unbounded memory leak via orphaned slice headers in `read_slice_NAL`_CVE-2026-49337