CVE-2022-43249 in Libde265

Summary

by MITRE • 11/02/2022

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.


Analysis

by VulDB Data Team • 05/03/2025

CVE-2022-43249 affects Libde265 version 1.0.8, a widely used open-source library for decoding H.265/HEVC video streams. The library is a critical component in numerous multimedia applications, video players, and streaming platforms that require H.265 video decoding. The flaw resides in the fallback-motion.cc source file, specifically in the put_epel_hv_fallback<unsigned short> function, which handles edge pixel interpolation during motion compensation. It is a heap-buffer-overflow condition that occurs when processing malformed video data, making it particularly dangerous in environments where untrusted video content is processed.

The vulnerability stems from inadequate bounds checking within the motion compensation fallback mechanism. During video decoding, the library employs various interpolation methods to reconstruct missing pixel data, particularly when dealing with edge pixels in motion compensation operations. The put_epel_hv_fallback function processes horizontal and vertical edge pixel interpolation using unsigned short data types, but fails to validate array boundaries before writing data to memory locations. A crafted video file can therefore trigger memory corruption when the library accesses memory beyond the allocated buffer, potentially leading to program termination or arbitrary code execution depending on memory layout and exploitation conditions.

The operational impact of this vulnerability extends beyond simple denial of service scenarios, as it creates potential attack vectors for malicious actors seeking to disrupt video processing systems. When exploited, the heap-buffer-overflow can cause applications using Libde265 to crash unexpectedly, rendering video playback services unavailable to legitimate users. This affects not only individual users but also enterprise systems, streaming platforms, and content delivery networks that rely on robust video decoding libraries. The vulnerability's exploitation requires only a crafted video file, making it particularly dangerous as it can be delivered through various attack vectors including email attachments, web downloads, or streaming services. Security researchers have classified this as a medium to high severity issue due to its potential for widespread impact across systems utilizing the affected library.

Mitigation strategies for CVE-2022-43249 should prioritize immediate library updates to versions that have addressed the buffer overflow condition. System administrators and developers should implement comprehensive patch management procedures to ensure all affected applications are updated promptly. Additionally, input validation measures should be enhanced to include strict verification of video file integrity before processing, particularly for untrusted content sources. The vulnerability aligns with CWE-121, heap-based buffer overflow, and can be mapped to ATT&CK technique T1203, Exploitation for Client Execution, when exploited in web-based scenarios. Organizations should also consider implementing sandboxing mechanisms and memory protection features such as address space layout randomization and stack canaries to reduce the potential impact of successful exploitation attempts. Regular security audits of multimedia processing pipelines and dependency management practices are essential to prevent similar vulnerabilities from emerging in other components of the video processing stack.
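The sandboxing advice above, as an added example (not code from Libde265 or VulDB): a POSIX C wrapper that runs each decode of untrusted input in a forked child under resource limits, so a decoder fault terminates that child instead of the service. The names `decode_fn`, `decode_isolated`, `cap_limit` and the two stubs are hypothetical; the stubs stand in for real decoder calls.

```c
#include <errno.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

enum decode_result { DECODE_OK, DECODE_REJECTED, DECODE_CRASHED, DECODE_ERROR };
/* Hypothetical callback: wraps the real decoder calls, returns 0 on success. */
typedef int (*decode_fn)(const unsigned char *data, size_t len);

/* Lower a resource limit to `want`, never above the inherited hard limit. */
static int cap_limit(int resource, rlim_t want)
{
    struct rlimit rl;
    if (getrlimit(resource, &rl) != 0) return -1;
    if (want > rl.rlim_max) want = rl.rlim_max;
    rl.rlim_cur = rl.rlim_max = want;
    return setrlimit(resource, &rl);
}

enum decode_result decode_isolated(decode_fn fn, const unsigned char *data,
                                   size_t len, rlim_t max_mem, rlim_t max_cpu_s)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return DECODE_ERROR;
    if (pid == 0) {               /* child: the only place untrusted input is decoded */
        if (cap_limit(RLIMIT_AS, max_mem) || cap_limit(RLIMIT_CPU, max_cpu_s) ||
            cap_limit(RLIMIT_CORE, 0))
            _exit(2);             /* could not apply limits: refuse to decode */
        _exit(fn(data, len) == 0 ? 0 : 1);
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return DECODE_ERROR;
    if (WIFSIGNALED(status))      /* SIGSEGV, SIGABRT, SIGXCPU, ... */
        return DECODE_CRASHED;
    if (WIFEXITED(status) && WEXITSTATUS(status) <= 1)
        return WEXITSTATUS(status) == 0 ? DECODE_OK : DECODE_REJECTED;
    return DECODE_ERROR;
}

/* Constructed stand-ins for the decoder, used to exercise the outcomes. */
int stub_ok(const unsigned char *d, size_t n)    { (void)d; return n > 0 ? 0 : 1; }
int stub_crash(const unsigned char *d, size_t n) { (void)d; (void)n; abort(); }

int main(void)
{
    const unsigned char sample[] = { 0, 0, 0, 1 };   /* constructed input bytes */
    enum decode_result r = decode_isolated(stub_crash, sample, sizeof sample, 256u << 20, 5);
    return r == DECODE_CRASHED ? 0 : 1;              /* parent survives the child's abort */
}
```

A service would log `DECODE_CRASHED` together with the input's origin and quarantine the file, since a signal-terminated decode is the observable symptom of this class of bug.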

Reservation

10/17/2022

Disclosure

11/02/2022

Moderation

accepted

CPE

ready

EPSS

0.00844

KEV

no

Activities

very low
