PT-2022-7270 · Libde265+3

Peng Deng · Published 2022-02-11 · Updated 2025-01-28 · CVE-2022-43249

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Libde265 version 1.0.8

Description

The issue is related to a heap-buffer-overflow vulnerability via the put_epel_hv_fallback function in fallback-motion.cc. This allows attackers to cause a Denial of Service (DoS) via a crafted video file. The vulnerability is associated with a buffer overflow, which can be exploited by a remote attacker using a specially crafted file.

Recommendations

For Libde265 version 1.0.8, consider updating to version 1.0.11 or later to fix the security issue. As a temporary workaround, consider restricting the use of the put_epel_hv_fallback function in fallback-motion.cc to minimize the risk of exploitation. Avoid using crafted video files that could trigger the Denial of Service (DoS) until the issue is resolved.

Exploit

Fix

DoS

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2024-01610
CVE-2022-43249
DLA-3280-1
DSA-5346-1
MGASA-2023-0093
ROSA-SA-2025-2630
ROSA-SA-2025-2631
USN-6659-1

Affected Products

Astra Linux
Libde265
Linuxmint
Ubuntu