Bug#1025816: libde265: CVE-2022-43243 CVE-2022-43248 CVE-2022-43253
Source: libde265
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for libde265.
CVE-2022-43243[0]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in
| sse-motion.cc. This vulnerability allows attackers to cause a Denial of
| Service (DoS) via a crafted video file.
https://github.com/strukturag/libde265/issues/339
CVE-2022-43248[1]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via put_weighted_pred_avg_16_fallback in
| fallback-motion.cc. This vulnerability allows attackers to cause a Denial of
| Service (DoS) via a crafted video file.
https://github.com/strukturag/libde265/issues/349
CVE-2022-43253[2]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via put_unweighted_pred_16_fallback in
| fallback-motion.cc. This vulnerability allows attackers to cause a Denial of
| Service (DoS) via a crafted video file.
https://github.com/strukturag/libde265/issues/348
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-43243
https://www.cve.org/CVERecord?id=CVE-2022-43243
[1] https://security-tracker.debian.org/tracker/CVE-2022-43248
https://www.cve.org/CVERecord?id=CVE-2022-43248
[2] https://security-tracker.debian.org/tracker/CVE-2022-43253
https://www.cve.org/CVERecord?id=CVE-2022-43253
Please adjust the affected versions in the BTS as needed.