Home / Vulnerability Intelligence / CVE-2026-33165

CVE-2026-33165 - Vulnerability Analysis

MediumCVSS: 5.5

Last Updated: March 23, 2026

libde265 - Out of Bounds Read/Write

Published: March 20, 2026Updated: March 23, 2026PoC Available

Overview

libde265 < 1.0.17 contains a buffer overflow caused by stale ctb_info.log2unitSize after SPS change in HEVC bitstream, letting attackers cause out-of-bounds heap write, exploit requires crafted HEVC bitstream.

Severity & Score

Severity: Medium

CVSS Score: 5.5

Impact

Attackers can cause out-of-bounds heap write, potentially leading to memory corruption or denial of service.

Mitigation

Update to version 1.0.17 or later.

References

https://github.com/strukturag/libde265/releases/tag/v1.0.17
https://github.com/strukturag/libde265/security/advisories/GHSA-653q-9f73-8hvg
https://github.com/strukturag/libde265/commit/c7891e412106130b83f8e8ea8b7f907e9449b658

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-33165
Severity: Medium
CVSS Score: 5.5
Type: out_of_bounds_rw
Status: confirmed

CWE

CWE-787

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H