CVE-2026-49346: CWE-190: Integer Overflow or Wraparound in strukturag libde265
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in `de265_image_get_buffer()` (`libde265/image.cc:128`). The overflow wraps the plane allocation size to a small value (~1 KB), but the subsequent `fill_image()` call computes the real size using `size_t`, writing ~4 GB into the undersized heap buffer. Version 1.1.0 patches the issue.
AI Analysis
Technical Summary
libde265 versions before 1.1.0 contain a signed integer overflow in the function de265_image_get_buffer() triggered by crafted H.265 bitstreams with large SPS dimensions and 16-bit bit depth. The overflow causes the plane allocation size to wrap to a small value (~1 KB), but the subsequent fill_image() call writes about 4 GB into this undersized buffer, leading to heap corruption. This vulnerability is addressed in libde265 version 1.1.0.
Potential Impact
An attacker can cause a large out-of-bounds write (~4 GB) on the heap by supplying a malicious H.265 bitstream, potentially resulting in denial of service or memory corruption. There is no indication of confidentiality impact, but integrity and availability impacts are present.
Mitigation Recommendations
Upgrade libde265 to version 1.1.0 or later, where this vulnerability is patched. No other mitigation or temporary fix is indicated.
CVE-2026-49346: CWE-190: Integer Overflow or Wraparound in strukturag libde265
Description
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in `de265_image_get_buffer()` (`libde265/image.cc:128`). The overflow wraps the plane allocation size to a small value (~1 KB), but the subsequent `fill_image()` call computes the real size using `size_t`, writing ~4 GB into the undersized heap buffer. Version 1.1.0 patches the issue.
CVSS v3.1
Score 7.1high
Affected software
pkg:github/strukturag/libde265Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
libde265 versions before 1.1.0 contain a signed integer overflow in the function de265_image_get_buffer() triggered by crafted H.265 bitstreams with large SPS dimensions and 16-bit bit depth. The overflow causes the plane allocation size to wrap to a small value (~1 KB), but the subsequent fill_image() call writes about 4 GB into this undersized buffer, leading to heap corruption. This vulnerability is addressed in libde265 version 1.1.0.
Potential Impact
An attacker can cause a large out-of-bounds write (~4 GB) on the heap by supplying a malicious H.265 bitstream, potentially resulting in denial of service or memory corruption. There is no indication of confidentiality impact, but integrity and availability impacts are present.
Mitigation Recommendations
Upgrade libde265 to version 1.1.0 or later, where this vulnerability is patched. No other mitigation or temporary fix is indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-29T14:35:45.903Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a35a6559187273676667acd
Added to database: 6/19/2026, 8:28:05 PM
Last enriched: 6/19/2026, 8:42:47 PM
Last updated: 6/19/2026, 10:24:53 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.