CVE-2025-61147 Overview
A segmentation fault vulnerability was discovered in strukturag libde265, an open-source implementation of the H.265 (HEVC) video codec. The vulnerability exists in the decoder_context::compute_framedrop_table() component and can be triggered when processing malformed input, leading to a denial of service condition.
Critical Impact
Attackers can cause application crashes by exploiting this segmentation fault vulnerability, potentially disrupting video processing services and applications that rely on libde265 for H.265 decoding.
Affected Products
- strukturag libde265 (commit d9fea9d and prior versions)
- Applications and services utilizing libde265 for HEVC/H.265 video decoding
- Software packages that bundle vulnerable versions of libde265
Discovery Timeline
- 2026-02-23 - CVE-2025-61147 published to NVD
- 2026-02-24 - Last updated in NVD database
Technical Details for CVE-2025-61147
Vulnerability Analysis
This vulnerability is classified under CWE-120 (Buffer Copy without Checking Size of Input), also known as a classic buffer overflow vulnerability. The segmentation fault occurs within the decoder_context::compute_framedrop_table() function, which is responsible for computing frame drop tables during the video decoding process.
The vulnerability requires local access to exploit, meaning an attacker would need to provide a specially crafted input file to the decoder. While no authentication or user interaction is required to trigger the flaw, the impact is limited to availability—causing a denial of service through application crashes. There is no impact to confidentiality or integrity.
Root Cause
The root cause stems from improper handling of input parameters within the decoder context. Specifically, the compute_framedrop_table() function fails to properly validate integer parameters from command line input before processing, leading to memory access violations when malformed or unexpected values are provided.
The security patch indicates that the fix involves adding checks for valid integer command line parameters, suggesting the vulnerability could be triggered by supplying invalid numeric arguments that cause out-of-bounds memory access during frame drop table computation.
Attack Vector
The attack vector requires local access where an attacker must provide a malicious input file or crafted command line parameters to the libde265 decoder. This could occur through:
- Processing a maliciously crafted H.265/HEVC video file
- Supplying invalid command line arguments to the dec265 decoder utility
- Providing untrusted video content to applications using the libde265 library
The security patch implements additional input validation and upgrades the C++ standard from C++11 to C++17 to leverage modern language features for safer handling:
VERSION 1.0.16
)
-set(CMAKE_CXX_STANDARD 11)
+set(CMAKE_CXX_STANDARD 17)
set(CMAKE_CXX_STANDARD_REQUIRED ON)
set(CMAKE_CXX_EXTENSIONS OFF)
set(CMAKE_POSITION_INDEPENDENT_CODE ON)
Source: GitHub Commit Update
The decoder source code was also updated to include proper exception handling:
#define DO_MEMORY_LOGGING 0
#include "de265.h"
+#include <stdexcept>
+#include <iostream>
+#include <optional>
+
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
Source: GitHub Commit Update
Detection Methods for CVE-2025-61147
Indicators of Compromise
- Unexpected application crashes or segmentation faults in processes using libde265
- Core dumps containing references to decoder_context::compute_framedrop_table() in the stack trace
- Repeated decoder failures when processing specific H.265/HEVC video files
Detection Strategies
- Monitor for abnormal process terminations in applications utilizing libde265 for video decoding
- Implement file integrity monitoring for libde265 library files to detect unauthorized modifications
- Review application logs for recurring segmentation fault errors associated with video processing operations
Monitoring Recommendations
- Configure crash reporting systems to alert on repeated segfaults in video processing components
- Implement resource monitoring to detect denial of service patterns affecting video decoding services
- Set up automated vulnerability scanning to identify systems running vulnerable versions of libde265
How to Mitigate CVE-2025-61147
Immediate Actions Required
- Upgrade libde265 to a version containing commit 8b17e0930f77db07f55e0b89399a8f054ddbecf7 or later
- Audit systems to identify all applications and services utilizing libde265
- Implement input validation for video files before processing with potentially vulnerable decoder versions
- Consider temporarily disabling H.265 decoding capabilities if immediate patching is not feasible
Patch Information
The vulnerability has been addressed in the libde265 repository. The fix is available in commit 8b17e0930f77db07f55e0b89399a8f054ddbecf7 which adds checks for valid integer command line parameters. For technical details and discussion, refer to the GitHub Issue Discussion. Additional proof-of-concept information is available via the GitHub Gist Code Example.
Workarounds
- Restrict access to the libde265 decoder to trusted users and processes only
- Implement sandboxing or containerization for video processing applications to limit the impact of potential crashes
- Validate all video input files against known-good formats before processing with libde265
# Configuration example
# Verify libde265 version and update if necessary
# Check current libde265 installation
ldconfig -p | grep libde265
# Clone and build patched version
git clone https://github.com/strukturag/libde265.git
cd libde265
git checkout 8b17e0930f77db07f55e0b89399a8f054ddbecf7
mkdir build && cd build
cmake ..
make && sudo make install
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
