Skip to main content

Libde265 CVE-2022-43250

MEDIUM
Out-of-bounds Write (CWE-787)
2022-11-02 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 02, 2022 - 14:15 nvd
MEDIUM 6.5

DescriptionNVD

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

AnalysisAI

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. Affected products include: Struktur Libde265, Debian Debian Linux.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2022-1253 CRITICAL POC
9.8 Apr 06

Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. Rated critical severit

CVE-2023-49468 HIGH POC
8.8 Dec 07

Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at sl

CVE-2023-49467 HIGH POC
8.8 Dec 07

Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merg

CVE-2023-49465 HIGH POC
8.8 Dec 07

Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_predic

CVE-2023-27103 HIGH POC
8.8 Mar 15

Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at m

CVE-2023-43887 HIGH POC
8.1 Nov 22

Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameter

CVE-2023-25221 HIGH POC
7.8 Mar 01

Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_predic

CVE-2024-38950 MEDIUM POC
6.5 Jun 26

Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to

CVE-2023-27102 MEDIUM POC
6.5 Mar 15

Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segm

CVE-2023-24751 MEDIUM POC
6.5 Mar 01

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. Rated medi

CVE-2022-43253 MEDIUM POC
6.5 Nov 02

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fa

CVE-2022-43252 MEDIUM POC
6.5 Nov 02

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-moti

Share

CVE-2022-43250 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy