A vulnerability was found in strukturag libde265 up to 1.0.19 . It has been rated as critical . This impacts the function decoder_context::process_reference_picture_set of the file libde265/decctx.cc . The manipulation leads to out-of-bounds write. This vulnerability is documented as CVE-2026-49295 . The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.