CVE-2022-43236: n/a in n/a
Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
AI Analysis
Technical Summary
CVE-2022-43236 is a stack-buffer-overflow vulnerability identified in libde265 version 1.0.8, specifically within the function put_qpel_fallback<unsigned short> in the fallback-motion.cc source file. Libde265 is an open-source H.265/HEVC video decoder library used to decode video streams encoded in the HEVC format. The vulnerability arises due to improper handling of crafted video data, which leads to a stack-based buffer overflow. An attacker can exploit this flaw by delivering a maliciously crafted video file that triggers the overflow during the decoding process. This results in a Denial of Service (DoS) condition, causing the application or service using libde265 to crash or become unresponsive. The vulnerability does not affect confidentiality or integrity directly but impacts availability. The CVSS v3.1 base score is 6.5 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), and high impact on availability (A:H). No known exploits are currently reported in the wild, and no patches or vendor-specific products are explicitly mentioned. The vulnerability affects libde265 version 1.0.8, which is commonly integrated into multimedia applications, media players, and streaming platforms that support HEVC video decoding.
Potential Impact
For European organizations, the primary impact of CVE-2022-43236 is service disruption due to application crashes when processing malicious HEVC video files. Organizations relying on software or services that incorporate libde265 for video decoding—such as media companies, broadcasters, streaming service providers, and any enterprise using video conferencing or video processing tools—may experience denial of service conditions. This can lead to operational downtime, degraded user experience, and potential loss of revenue or reputation. While the vulnerability does not allow data theft or code execution, the DoS can be leveraged in targeted attacks to disrupt critical media infrastructure or communication channels. Given the increasing use of HEVC video in content delivery and conferencing, the risk is non-negligible. Additionally, if libde265 is embedded in security-sensitive environments (e.g., video surveillance systems), the DoS could impair monitoring capabilities. The requirement for user interaction (opening or processing a crafted video file) limits the attack vector primarily to scenarios where users receive or access untrusted video content.
Mitigation Recommendations
Organizations should identify all software and systems using libde265 version 1.0.8 and assess their exposure. Since no official patch links are provided, it is recommended to: 1) Upgrade libde265 to a version where this vulnerability is fixed, if available, or apply vendor patches if using third-party products embedding libde265. 2) Implement strict validation and sanitization of video files before processing, including sandboxing video decoding operations to contain potential crashes. 3) Employ application-level controls to restrict or monitor the opening of untrusted or unsolicited video files, especially from external sources. 4) Use network-level protections such as email and web gateways to filter potentially malicious video attachments or downloads. 5) Monitor application logs and system stability for signs of crashes related to video decoding. 6) Engage with software vendors to confirm patch availability and timelines. 7) Consider deploying runtime protection tools that can detect and mitigate buffer overflow attempts during video decoding. These steps go beyond generic advice by focusing on the specific context of video file handling and the integration of libde265 in enterprise environments.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
CVE-2022-43236: n/a in n/a
Description
Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
AI-Powered Analysis
Technical Analysis
CVE-2022-43236 is a stack-buffer-overflow vulnerability identified in libde265 version 1.0.8, specifically within the function put_qpel_fallback<unsigned short> in the fallback-motion.cc source file. Libde265 is an open-source H.265/HEVC video decoder library used to decode video streams encoded in the HEVC format. The vulnerability arises due to improper handling of crafted video data, which leads to a stack-based buffer overflow. An attacker can exploit this flaw by delivering a maliciously crafted video file that triggers the overflow during the decoding process. This results in a Denial of Service (DoS) condition, causing the application or service using libde265 to crash or become unresponsive. The vulnerability does not affect confidentiality or integrity directly but impacts availability. The CVSS v3.1 base score is 6.5 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), and high impact on availability (A:H). No known exploits are currently reported in the wild, and no patches or vendor-specific products are explicitly mentioned. The vulnerability affects libde265 version 1.0.8, which is commonly integrated into multimedia applications, media players, and streaming platforms that support HEVC video decoding.
Potential Impact
For European organizations, the primary impact of CVE-2022-43236 is service disruption due to application crashes when processing malicious HEVC video files. Organizations relying on software or services that incorporate libde265 for video decoding—such as media companies, broadcasters, streaming service providers, and any enterprise using video conferencing or video processing tools—may experience denial of service conditions. This can lead to operational downtime, degraded user experience, and potential loss of revenue or reputation. While the vulnerability does not allow data theft or code execution, the DoS can be leveraged in targeted attacks to disrupt critical media infrastructure or communication channels. Given the increasing use of HEVC video in content delivery and conferencing, the risk is non-negligible. Additionally, if libde265 is embedded in security-sensitive environments (e.g., video surveillance systems), the DoS could impair monitoring capabilities. The requirement for user interaction (opening or processing a crafted video file) limits the attack vector primarily to scenarios where users receive or access untrusted video content.
Mitigation Recommendations
Organizations should identify all software and systems using libde265 version 1.0.8 and assess their exposure. Since no official patch links are provided, it is recommended to: 1) Upgrade libde265 to a version where this vulnerability is fixed, if available, or apply vendor patches if using third-party products embedding libde265. 2) Implement strict validation and sanitization of video files before processing, including sandboxing video decoding operations to contain potential crashes. 3) Employ application-level controls to restrict or monitor the opening of untrusted or unsolicited video files, especially from external sources. 4) Use network-level protections such as email and web gateways to filter potentially malicious video attachments or downloads. 5) Monitor application logs and system stability for signs of crashes related to video decoding. 6) Engage with software vendors to confirm patch availability and timelines. 7) Consider deploying runtime protection tools that can detect and mitigate buffer overflow attempts during video decoding. These steps go beyond generic advice by focusing on the specific context of video file handling and the integration of libde265 in enterprise environments.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2022-10-17T00:00:00.000Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d9837c4522896dcbeb894
Added to database: 5/21/2025, 9:09:11 AM
Last enriched: 6/26/2025, 4:26:53 AM
Last updated: 8/15/2025, 9:55:43 PM
Views: 8
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.