
Bug#1025816: libde265: CVE-2022-43243 CVE-2022-43248 CVE-2022-43253



Source: libde265
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for libde265.

CVE-2022-43243[0]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in
| sse-motion.cc. This vulnerability allows attackers to cause a Denial of
| Service (DoS) via a crafted video file.

https://github.com/strukturag/libde265/issues/339

CVE-2022-43248[1]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via put_weighted_pred_avg_16_fallback in
| fallback-motion.cc. This vulnerability allows attackers to cause a Denial of
| Service (DoS) via a crafted video file.

https://github.com/strukturag/libde265/issues/349

CVE-2022-43253[2]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via put_unweighted_pred_16_fallback in
| fallback-motion.cc. This vulnerability allows attackers to cause a Denial of
| Service (DoS) via a crafted video file.

https://github.com/strukturag/libde265/issues/348


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-43243
    https://www.cve.org/CVERecord?id=CVE-2022-43243
[1] https://security-tracker.debian.org/tracker/CVE-2022-43248
    https://www.cve.org/CVERecord?id=CVE-2022-43248
[2] https://security-tracker.debian.org/tracker/CVE-2022-43253
    https://www.cve.org/CVERecord?id=CVE-2022-43253

Please adjust the affected versions in the BTS as needed.

