First published: Wed Nov 02 2022(Updated: )
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Struktur Libde265 | =1.0.8 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
ubuntu/libde265 | <1.0.2-2ubuntu0.18.04.1~ | 1.0.2-2ubuntu0.18.04.1~ |
ubuntu/libde265 | <1.0.4-1ubuntu0.2 | 1.0.4-1ubuntu0.2 |
ubuntu/libde265 | <1.0.8-1ubuntu0.1 | 1.0.8-1ubuntu0.1 |
ubuntu/libde265 | <1.0.2-2ubuntu0.16.04.1~ | 1.0.2-2ubuntu0.16.04.1~ |
debian/libde265 | <=1.0.3-1 | 1.0.11-0+deb10u6 1.0.11-0+deb11u3 1.0.11-0+deb11u1 1.0.11-1+deb12u2 1.0.15-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-43235 is a heap-buffer-overflow vulnerability in Libde265 v1.0.8.
CVE-2022-43235 can be exploited by attackers through a crafted video file to cause a Denial of Service (DoS).
CVE-2022-43235 has a severity rating of high, with a severity value of 7.
The affected software versions include libde265 v1.0.8 up to (inclusive) v1.0.11-1.
To fix CVE-2022-43235, update to libde265 version 1.0.11-0+deb10u4, 1.0.11-0+deb11u1, 1.0.11-1, or 1.0.12-1.