CVE-2020-21596: 
NixOS vulnerability analysis and mitigation

libde265 v1.0.4 contains a global buffer overflow vulnerability in the decodeCABACbit function, which was discovered and tracked as CVE-2020-21596. The vulnerability affects the open-source H.265 video codec implementation and can be exploited through a specially crafted file (NVD, GitHub Issue).

The vulnerability is classified as a global buffer overflow that occurs in the decodeCABACbit function of libde265. It has been assigned a CVSS v3.1 base score of 6.5 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The attack requires user interaction and can be triggered remotely through a maliciously crafted file (NVD).

When exploited, this vulnerability can lead to a denial of service condition or potentially allow arbitrary code execution when processing malformed media files (Debian Security).

The vulnerability has been fixed in multiple distributions: Ubuntu 20.04 LTS (version 1.0.4-1ubuntu0.1), Ubuntu 18.04 LTS (version 1.0.2-2ubuntu0.18.04.1~esm1), and Debian 11 bullseye (version 1.0.11-0+deb11u1). Users are recommended to upgrade their libde265 packages to the latest available versions (Ubuntu Notice, Debian Security).