CVE-2022-43237 in Libde265

Summary

by MITRE • 11/02/2022

Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.


Analysis

by VulDB Data Team • 05/03/2025

CVE-2022-43237 is a critical stack buffer overflow in libde265 version 1.0.8, specifically in the void put_epel_hv_fallback<unsigned short> function in the fallback-motion.cc source file. The library decodes H.265/HEVC video streams and is widely integrated into multimedia applications, video players, and content management systems across multiple platforms. The flaw manifests when the decoder processes specially crafted video files that trigger the overflow during motion compensation, an operation fundamental to video decoding.

The vulnerability stems from inadequate bounds checking in the motion compensation fallback functions that handle horizontal and vertical edge prediction operations. When the decoder encounters malformed video data that specifies invalid motion vector parameters or exceeds expected buffer boundaries, the unsigned short array operations in the put_epel_hv_fallback template function fail to validate their input parameters properly. The resulting memory corruption overflows the allocated stack space, potentially leading to arbitrary code execution or system instability. The vulnerability is classified as CWE-121 (stack-based buffer overflow), which directly maps to the ATT&CK technique T1203 - Exploitation for Client Execution, as it enables remote code execution through crafted media files.

The operational impact of this vulnerability extends beyond simple denial of service scenarios, as it can be exploited by attackers to gain unauthorized system access or cause complete system crashes. Multimedia applications that utilize libde265 for video processing become immediately vulnerable, including web browsers, media players, content management systems, and streaming platforms. The attack vector requires minimal privileges since the vulnerability can be triggered through simple file processing, making it particularly dangerous in environments where users can upload or download video content. This weakness is especially concerning in enterprise and cloud environments where automated media processing systems may be exposed to untrusted video inputs.

Mitigation strategies for CVE-2022-43237 should prioritize immediate patching of affected libde265 installations to version 1.0.9 or later, which contains the necessary bounds checking fixes. Organizations should implement strict input validation procedures for all video file processing pipelines, including file format verification and size limitation checks. Network segmentation and access controls should be reinforced to limit exposure of vulnerable applications to untrusted inputs. Additionally, application developers should consider implementing sandboxing mechanisms and memory protection features such as stack canaries and address space layout randomization to reduce exploitability. Regular vulnerability scanning and security assessments should be conducted to identify other potential buffer overflow vulnerabilities in multimedia libraries and codecs, as similar issues may exist in related components of the video processing stack.
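The patch-level check from the mitigation paragraph can be scripted. The following is an added example, not code from VulDB or the libde265 project. It assumes a `sort` that supports `-V`, that the library is registered with pkg-config under the module name `libde265`, and that Debian-style package names start with `libde265`.

```shell
#!/bin/sh
# Added example: flag libde265 builds older than the fix level named on this page.
FIXED_VERSION="1.0.9"   # first fixed release according to the analysis above

# version_lt A B: succeeds when version A sorts strictly before version B.
version_lt() {
    if [ "$1" = "$2" ]; then return 1; fi
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$first" = "$1" ]
}

# upstream_version STR: strip distro decoration (epoch, "-1+b1", "~rc1")
# so that "1:1.0.8-1+b1" is compared as "1.0.8".
upstream_version() {
    printf '%s\n' "$1" | sed -e 's/^[0-9]*://' -e 's/[-+~].*$//'
}

# classify STR: print "vulnerable", "patched" or "unknown" for a version string.
classify() {
    v=$(upstream_version "$1")
    case "$v" in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    if version_lt "$v" "$FIXED_VERSION"; then echo vulnerable; else echo patched; fi
}

# scan: report what pkg-config and dpkg know about; either tool may be absent.
scan() {
    if command -v pkg-config >/dev/null 2>&1 && pkg-config --exists libde265; then
        ver=$(pkg-config --modversion libde265)
        echo "pkg-config: libde265 $ver -> $(classify "$ver")"
    fi
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Package} ${Version}\n' 'libde265*' 2>/dev/null |
        while read -r pkg ver; do
            # Distro builds may carry a backported fix under an older version.
            echo "dpkg: $pkg $ver -> $(classify "$ver") (confirm in distro advisory)"
        done
    fi
}

# Only touch the system when asked to: sh check.sh --scan
if [ "${1:-}" = "--scan" ]; then scan; fi
```

A "vulnerable" result for a distribution package is a prompt to read that distribution's advisory, since the comparison only sees the upstream version number.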

Reservation: 10/17/2022

Disclosure: 11/02/2022

Moderation: accepted

CPE: ready

EPSS: 0.00856

KEV: no

Activities: very low
