CVE-2022-47655

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Libde265 version 1.0.9

Description The issue is related to a buffer overflow in the put qpel fallback() function of the Libde265 video codec implementation. This can allow an attacker to access confidential data, compromise data integrity, and cause a denial of service. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations For Libde265 version 1.0.9, update to version 1.0.11 to fix the security issues. As a temporary workaround, consider disabling the put qpel fallback() function until a patch is available.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2023-1213

BDU:2024-07327

CVE-2022-47655

DLA-3280-1

DSA-5346-1

MGASA-2023-0093

Affected Products

Alt Linux

Astra Linux

Libde265

CVE-2022-47655

Weakness Enumeration

Related Identifiers

Affected Products

References · 24