PT-2022-7262 · Libde265+3

Peng Deng · Published 2022-10-10 · Updated 2025-01-28 · CVE-2022-43238

CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Libde265 version 1.0.8

Description

The issue is in the ff_hevc_put_hevc_qpel_h_3_v_3_sse() function in sse-motion.cc, part of the Libde265 video codec implementation, and can cause a buffer overflow in memory. A remote attacker can exploit it with a specially crafted video file to crash the decoder, resulting in a Denial of Service (DoS).

Recommendations

For Libde265 version 1.0.8, update to version 1.0.11 to fix the security issue. As a temporary workaround, consider disabling the ff_hevc_put_hevc_qpel_h_3_v_3_sse() function until a patch is available. Restrict access to the sse-motion.cc module to minimize the risk of exploitation. Avoid processing crafted video files that can trigger the Denial of Service (DoS) until the issue is resolved.

Exploit

Fix

DoS

Out of bounds Read

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2024-01211
CVE-2022-43238
DLA-3280-1
DSA-5346-1
MGASA-2023-0093
ROSA-SA-2025-2630
ROSA-SA-2025-2631
USN-6627-1

Affected Products

Astra Linux
Libde265
Linuxmint
Ubuntu