CVE-2022-43245

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Libde265 version 1.0.8

Description The issue is related to a segmentation violation via the apply sao internal function in sao.cc, which can be exploited to cause a Denial of Service (DoS) by using a crafted video file. This can be achieved by an attacker acting remotely. The vulnerability is associated with a buffer overflow in the apply sao internal<unsigned short> function.

Recommendations For Libde265 version 1.0.8, consider updating to version 1.0.11 to fix the security issues. As a temporary workaround, consider restricting the use of the apply sao internal function in sao.cc to minimize the risk of exploitation. Avoid using crafted video files that could trigger the Denial of Service (DoS) until the issue is resolved.

Exploit

Fix

DoS

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-119

Related Identifiers

BDU:2024-01605

CVE-2022-43245

DLA-3280-1

DSA-5346-1

MGASA-2023-0093

ROSA-SA-2025-2630

ROSA-SA-2025-2631

USN-6659-1

Affected Products

Astra Linux

Libde265

Linuxmint

Ubuntu

CVE-2022-43245

Weakness Enumeration

Related Identifiers

Affected Products

References · 39