CVE-2022-43243: n/a in n/a
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
AI Analysis
Technical Summary
CVE-2022-43243 is a heap-buffer-overflow vulnerability identified in libde265 version 1.0.8, specifically within the function ff_hevc_put_weighted_pred_avg_8_sse located in the sse-motion.cc source file. Libde265 is an open-source H.265/HEVC video decoder library used to decode HEVC video streams. The vulnerability arises due to improper handling of memory buffers during the processing of weighted prediction averages in the SSE-optimized motion compensation code path. An attacker can exploit this flaw by crafting a malicious HEVC video file that triggers the heap-buffer-overflow condition when decoded by the vulnerable libde265 library. This overflow can lead to a Denial of Service (DoS) condition, causing the application or service using libde265 to crash or become unresponsive. The vulnerability has a CVSS v3.1 base score of 6.5 (medium severity), with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requires user interaction (UI:R) to open or process the malicious video file. The impact is limited to availability (A:H), with no confidentiality or integrity impact. There are no known exploits in the wild, and no official patches have been linked in the provided information. The vulnerability is classified under CWE-787 (Out-of-bounds Write). Given libde265's role as a decoding library, this vulnerability primarily affects software and devices that incorporate libde265 for HEVC video decoding, such as media players, streaming applications, and embedded systems handling video content.
Potential Impact
For European organizations, the primary impact of CVE-2022-43243 is the potential disruption of services that rely on libde265 for video decoding. This includes media companies, broadcasters, streaming platforms, and any enterprise using video conferencing or video processing tools that embed this library. A successful exploitation could cause application crashes or service interruptions, leading to denial of service conditions that affect availability. While the vulnerability does not compromise confidentiality or integrity, the disruption could impact business continuity, customer experience, and operational workflows, especially in sectors heavily dependent on video content delivery or processing. Additionally, embedded devices or IoT systems using libde265 might be susceptible, potentially affecting industrial or consumer devices within European markets. However, the requirement for user interaction (opening a crafted video file) limits the risk to scenarios where users are exposed to untrusted video content.
Mitigation Recommendations
European organizations should take the following specific mitigation steps: 1) Inventory and identify all software and devices that incorporate libde265, particularly version 1.0.8 or earlier. 2) Monitor vendor advisories and community repositories for patches or updated versions of libde265 that address this vulnerability, and apply updates promptly once available. 3) Implement strict content filtering and validation controls to prevent untrusted or suspicious video files from being opened or processed by end users or automated systems. 4) Employ application whitelisting and sandboxing techniques for media players and video processing applications to limit the impact of potential crashes. 5) Educate users about the risks of opening video files from untrusted sources to reduce the likelihood of triggering the vulnerability. 6) For embedded systems, consider firmware updates or vendor support to mitigate the vulnerability. 7) Use runtime protection tools that can detect and block heap-buffer-overflow attempts during video decoding operations.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
CVE-2022-43243: n/a in n/a
Description
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
AI-Powered Analysis
Technical Analysis
CVE-2022-43243 is a heap-buffer-overflow vulnerability identified in libde265 version 1.0.8, specifically within the function ff_hevc_put_weighted_pred_avg_8_sse located in the sse-motion.cc source file. Libde265 is an open-source H.265/HEVC video decoder library used to decode HEVC video streams. The vulnerability arises due to improper handling of memory buffers during the processing of weighted prediction averages in the SSE-optimized motion compensation code path. An attacker can exploit this flaw by crafting a malicious HEVC video file that triggers the heap-buffer-overflow condition when decoded by the vulnerable libde265 library. This overflow can lead to a Denial of Service (DoS) condition, causing the application or service using libde265 to crash or become unresponsive. The vulnerability has a CVSS v3.1 base score of 6.5 (medium severity), with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requires user interaction (UI:R) to open or process the malicious video file. The impact is limited to availability (A:H), with no confidentiality or integrity impact. There are no known exploits in the wild, and no official patches have been linked in the provided information. The vulnerability is classified under CWE-787 (Out-of-bounds Write). Given libde265's role as a decoding library, this vulnerability primarily affects software and devices that incorporate libde265 for HEVC video decoding, such as media players, streaming applications, and embedded systems handling video content.
Potential Impact
For European organizations, the primary impact of CVE-2022-43243 is the potential disruption of services that rely on libde265 for video decoding. This includes media companies, broadcasters, streaming platforms, and any enterprise using video conferencing or video processing tools that embed this library. A successful exploitation could cause application crashes or service interruptions, leading to denial of service conditions that affect availability. While the vulnerability does not compromise confidentiality or integrity, the disruption could impact business continuity, customer experience, and operational workflows, especially in sectors heavily dependent on video content delivery or processing. Additionally, embedded devices or IoT systems using libde265 might be susceptible, potentially affecting industrial or consumer devices within European markets. However, the requirement for user interaction (opening a crafted video file) limits the risk to scenarios where users are exposed to untrusted video content.
Mitigation Recommendations
European organizations should take the following specific mitigation steps: 1) Inventory and identify all software and devices that incorporate libde265, particularly version 1.0.8 or earlier. 2) Monitor vendor advisories and community repositories for patches or updated versions of libde265 that address this vulnerability, and apply updates promptly once available. 3) Implement strict content filtering and validation controls to prevent untrusted or suspicious video files from being opened or processed by end users or automated systems. 4) Employ application whitelisting and sandboxing techniques for media players and video processing applications to limit the impact of potential crashes. 5) Educate users about the risks of opening video files from untrusted sources to reduce the likelihood of triggering the vulnerability. 6) For embedded systems, consider firmware updates or vendor support to mitigate the vulnerability. 7) Use runtime protection tools that can detect and block heap-buffer-overflow attempts during video decoding operations.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2022-10-17T00:00:00.000Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d981fc4522896dcbdcadb
Added to database: 5/21/2025, 9:08:47 AM
Last enriched: 7/7/2025, 1:40:50 AM
Last updated: 8/6/2025, 10:40:46 AM
Views: 19
Related Threats
CVE-2025-43735: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Liferay Portal
MediumCVE-2025-40770: CWE-300: Channel Accessible by Non-Endpoint in Siemens SINEC Traffic Analyzer
HighCVE-2025-40769: CWE-1164: Irrelevant Code in Siemens SINEC Traffic Analyzer
HighCVE-2025-40768: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in Siemens SINEC Traffic Analyzer
HighCVE-2025-40767: CWE-250: Execution with Unnecessary Privileges in Siemens SINEC Traffic Analyzer
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.