PT-2022-6510 · Libde265+3 · Libde265+3
Xidoo123
·
Published
2022-12-18
·
Updated
2025-03-07
·
CVE-2022-47664
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Libde265 version 1.0.9
Description
The issue is related to a buffer overflow in the
ff hevc put hevc qpel pixels 8 sse function of the Libde265 h.265 video codec implementation. This vulnerability is caused by copying a buffer without checking the size of the input data. Exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information.Recommendations
For Libde265 version 1.0.9, update to version 1.0.11 to fix the security issues.
As a temporary workaround, consider disabling the
ff hevc put hevc qpel pixels 8 sse function until a patch is available.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Libde265
Red Os