libde265 v1.0.4 contains a global buffer overflow in the decodeCABACbit function, which can be exploited via a crafted a file.
{ "urgency": "not yet assigned" }