CVE-2026-49346
Analyzed Analyzed - Analysis Complete

Heap Buffer Overflow in libde265 Video Codec

Vulnerability report for CVE-2026-49346, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-19

Last updated on: 2026-06-26

Assigner: GitHub, Inc.

Description

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in `de265_image_get_buffer()` (`libde265/image.cc:128`). The overflow wraps the plane allocation size to a small value (~1 KB), but the subsequent `fill_image()` call computes the real size using `size_t`, writing ~4 GB into the undersized heap buffer. Version 1.1.0 patches the issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-19
Last Modified
2026-06-26
Generated
2026-07-11
AI Q&A
2026-06-20
EPSS Evaluated
2026-07-10
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
struktur libde265 to 1.1.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in libde265, an open source implementation of the H.265 video codec. Before version 1.1.0, a specially crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth triggers a signed integer overflow in the function de265_image_get_buffer(). This overflow causes the plane allocation size to wrap around to a very small value (approximately 1 KB). However, a subsequent function, fill_image(), calculates the actual required size using an unsigned size_t type and writes about 4 GB of data into this undersized heap buffer, leading to a heap buffer overflow.

Impact Analysis

The vulnerability can lead to a heap buffer overflow, which may cause a program crash or potentially allow an attacker to execute arbitrary code or cause a denial of service. Since the overflow writes a large amount of data into a small buffer, it can corrupt memory and destabilize the affected application.

Mitigation Strategies

To mitigate this vulnerability, upgrade libde265 to version 1.1.0 or later, as this version patches the signed integer overflow issue.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49346. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart