PT-2022-7252 · Libde265+3
Published: 2022-10-10 · Updated: 2025-01-28 · CVE-2022-43240
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Libde265 version 1.0.8
Description
The issue is a heap-buffer-overflow vulnerability via the ff_hevc_put_hevc_qpel_h_2_v_1_sse function in sse-motion.cc. This allows attackers to cause a Denial of Service (DoS) via a crafted video file. The vulnerability can be exploited by a remote attacker using a specially crafted video file, leading to a service disruption.
Recommendations
For Libde265 version 1.0.8, update to version 1.0.11 to fix the security issue. As a temporary workaround, consider restricting the use of the ff_hevc_put_hevc_qpel_h_2_v_1_sse function in sse-motion.cc until a patch is available. Avoid using crafted video files that could exploit the vulnerability.
Exploit
Fix
DoS
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Libde265
Linuxmint
Ubuntu