Segmentation Fault in H.265 Video Codec by strukturag
CVE-2026-33164

8.7HIGH

Key Information:

Vendor: Strukturag
Status: Libde265
Vendor: CVE Published:; 20 March 2026

What is CVE-2026-33164?

The libde265 library, which implements the H.265 video codec, is susceptible to a vulnerability where a malformed H.265 PPS NAL unit triggers a segmentation fault in the function pic_parameter_set::set_derived_values(). This flaw can compromise the stability of applications relying on the library. A fix has been issued in version 1.0.17, addressing this issue to enhance the software’s resilience against similar adversarial inputs. Developers and users are highly encouraged to update to the latest version to mitigate risks.

Affected Version(s)

libde265 < 1.0.17

References

https://github.com/strukturag/libde265/security/advisorie...

x_refsource_CONFIRM

https://github.com/strukturag/libde265/releases/tag/v1.0.17

x_refsource_MISC

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2026
Vulnerability Reserved
Mar 17, 2026

CVE-2026-33164 Data

JSON

Strukturag

What is CVE-2026-33164?

Affected Version(s)

References

CVSS V4

Timeline