PT-2022-7261 · Libde265+3
Fdu-Sec · Published 2022-10-10 · Updated 2025-01-28 · CVE-2022-43252
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Libde265 version 1.0.8
Description
The issue is a heap-buffer-overflow vulnerability in the put_epel_16_fallback() function of Libde265, a video codec implementation for H.265. A remote attacker can exploit it with a specially crafted video file, potentially leading to a Denial of Service (DoS). The vulnerability is caused by the put_epel_16_fallback() function in fallback-motion.cc.
Recommendations
For Libde265 version 1.0.8, update to version 1.0.11 to fix the security issues. As a temporary workaround, consider restricting the use of the put_epel_16_fallback() function in fallback-motion.cc until a patch is available. Avoid processing video files that could be crafted to exploit this vulnerability.
Exploit
Fix
DoS
Memory Corruption
Heap Based Buffer Overflow
Related Identifiers
Affected Products
Astra Linux
Libde265
Linuxmint
Ubuntu