libde265 NULL Pointer Dereference Vulnerability in PPS NAL Unit Handling

Vulnerability

A NULL pointer dereference vulnerability has been identified in libde265, an open-source implementation of the H.265 video codec, in versions through 1.0.16. This vulnerability arises when a malformed H.265 Picture Parameter Set (PPS) NAL unit is processed, leading to a segmentation fault in the 'pic_parameter_set::set_derived_values()' function. The issue was discovered through fuzz testing with AFL++ and can cause applications that use libde265, such as VLC, GStreamer, and Kodi, to crash when handling malformed H.265 input.

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a crash of the application using libde265.

Reproduction

The vulnerability can be reproduced by building libde265 version 1.0.16 from the latest master branch, and then running the 'dec265' binary with a crafted H.265 file that contains a malformed PPS NAL unit. This will trigger a segmentation fault, causing the application to crash.

Remediation

Users can upgrade to libde265 version 1.0.17 or later, where this vulnerability has been patched.
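To confirm that an upgraded build no longer crashes on inputs that crashed 1.0.16, a sample directory can be run through the decoder and each exit status classified. The following is an added example, not code from the libde265 project; the function names and the sample directory are assumptions, and the decoder command (for instance the 'dec265' binary named above) is passed in as an argument.

```shell
#!/bin/sh
# Added example (not libde265 project code): regression triage for decoder
# crashes. Function names and the sample directory layout are assumptions.
# Usage: triage_samples dec265 ./samples

# classify_status STATUS
# Prints "ok", "signal:<NAME>" or "error:<code>" for a shell exit status.
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo "ok"
    elif [ "$1" -gt 128 ] && cs_name=$(kill -l "$(($1 - 128))" 2>/dev/null) \
            && [ -n "$cs_name" ]; then
        # The shell reports death by signal N as exit status 128+N,
        # so a segmentation fault (SIGSEGV, 11) shows up as 139.
        echo "signal:$cs_name"
    else
        echo "error:$1"
    fi
}

# triage_samples DECODER DIR
# Runs DECODER on every regular file in DIR and prints one
# "<result><TAB><file>" line per sample. Returns non-zero if any
# sample terminated the decoder with a signal.
triage_samples() {
    ts_crashed=0
    for ts_file in "$2"/*; do
        [ -f "$ts_file" ] || continue
        ts_status=0
        # Decoder output is discarded; only the exit status matters here.
        "$1" "$ts_file" >/dev/null 2>&1 || ts_status=$?
        ts_result=$(classify_status "$ts_status")
        printf '%s\t%s\n' "$ts_result" "$(basename "$ts_file")"
        case $ts_result in
            signal:*) ts_crashed=1 ;;
        esac
    done
    [ "$ts_crashed" -eq 0 ]
}
```

A "signal:SEGV" line on a build that should contain the fix means the linked libde265 is still a vulnerable version or the sample hits a different defect.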

Added: Mar 20, 2026, 9:21 PM
Updated: Mar 20, 2026, 9:21 PM

Vulnerability Rating

Custom Algorithm

spread: 4.2
impact: 2.5
exploitability: 5.8
remediation: 7.7
relevance: 4.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.