CVE-2022-43250: n/a in n/a
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
AI Analysis
Technical Summary
CVE-2022-43250 is a heap-buffer-overflow vulnerability identified in libde265 version 1.0.8, specifically within the function put_qpel_0_0_fallback_16 located in the fallback-motion.cc source file. Libde265 is an open-source H.265/HEVC video decoder library used to decode video streams encoded in the HEVC format. The vulnerability arises from improper bounds checking when processing certain motion compensation operations, leading to a heap buffer overflow. An attacker can exploit this flaw by crafting a maliciously designed video file that triggers the vulnerable code path during decoding. Successful exploitation results in a Denial of Service (DoS) condition, causing the application or service using libde265 to crash or become unresponsive. According to the CVSS v3.1 scoring, this vulnerability has a score of 6.5 (medium severity), with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R), and impacting availability only (A:H) without affecting confidentiality or integrity. There are no known public exploits in the wild, and no patches or vendor advisories are currently linked. The vulnerability is categorized under CWE-787 (Out-of-bounds Write), indicating a classic memory corruption issue that can destabilize the target process. Since libde265 is a library, the impact depends on its integration into various multimedia applications, media players, or streaming services that decode HEVC video content. The requirement for user interaction implies that an end-user must open or play the crafted video file for exploitation to occur. The scope is unchanged, meaning the impact is limited to the vulnerable component without privilege escalation or broader system compromise.
Potential Impact
For European organizations, the primary impact of CVE-2022-43250 is the potential disruption of services that rely on libde265 for HEVC video decoding. This includes media streaming platforms, video conferencing tools, digital signage systems, and any multimedia applications embedded in enterprise environments. A successful DoS attack could interrupt business operations, degrade user experience, or cause service outages, particularly in sectors heavily dependent on video content such as broadcasting, telecommunications, education, and public services. Although the vulnerability does not compromise confidentiality or integrity, availability impacts can lead to operational downtime and potential reputational damage. Given the requirement for user interaction, phishing or social engineering campaigns distributing malicious video files could be a vector, especially targeting employees or customers. The absence of known exploits reduces immediate risk, but the medium severity score and ease of exploitation via crafted media files warrant proactive mitigation. Organizations processing large volumes of HEVC video or integrating libde265 in critical systems should prioritize addressing this vulnerability to maintain service continuity.
Mitigation Recommendations
1. Identify and inventory all applications and services within the organization that utilize libde265 for HEVC decoding. 2. Monitor vendor and open-source project repositories for official patches or updates addressing CVE-2022-43250 and apply them promptly once available. 3. Until patches are released, consider implementing application-level mitigations such as sandboxing or isolating video decoding processes to contain potential crashes and prevent escalation. 4. Employ network and endpoint security controls to detect and block suspicious video files, especially those received via email or downloaded from untrusted sources. 5. Educate users about the risks of opening unsolicited or unexpected video files, emphasizing caution with media received from unknown or unverified senders. 6. Use runtime protection tools or memory safety mechanisms (e.g., ASLR, DEP) to reduce the impact of memory corruption vulnerabilities. 7. For critical systems, consider temporarily disabling HEVC decoding features or replacing libde265 with alternative, patched decoders if feasible. 8. Implement robust logging and monitoring to detect abnormal application crashes or service disruptions related to video processing components.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
CVE-2022-43250: n/a in n/a
Description
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
AI-Powered Analysis
Technical Analysis
CVE-2022-43250 is a heap-buffer-overflow vulnerability identified in libde265 version 1.0.8, specifically within the function put_qpel_0_0_fallback_16 located in the fallback-motion.cc source file. Libde265 is an open-source H.265/HEVC video decoder library used to decode video streams encoded in the HEVC format. The vulnerability arises from improper bounds checking when processing certain motion compensation operations, leading to a heap buffer overflow. An attacker can exploit this flaw by crafting a maliciously designed video file that triggers the vulnerable code path during decoding. Successful exploitation results in a Denial of Service (DoS) condition, causing the application or service using libde265 to crash or become unresponsive. According to the CVSS v3.1 scoring, this vulnerability has a score of 6.5 (medium severity), with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R), and impacting availability only (A:H) without affecting confidentiality or integrity. There are no known public exploits in the wild, and no patches or vendor advisories are currently linked. The vulnerability is categorized under CWE-787 (Out-of-bounds Write), indicating a classic memory corruption issue that can destabilize the target process. Since libde265 is a library, the impact depends on its integration into various multimedia applications, media players, or streaming services that decode HEVC video content. The requirement for user interaction implies that an end-user must open or play the crafted video file for exploitation to occur. The scope is unchanged, meaning the impact is limited to the vulnerable component without privilege escalation or broader system compromise.
Potential Impact
For European organizations, the primary impact of CVE-2022-43250 is the potential disruption of services that rely on libde265 for HEVC video decoding. This includes media streaming platforms, video conferencing tools, digital signage systems, and any multimedia applications embedded in enterprise environments. A successful DoS attack could interrupt business operations, degrade user experience, or cause service outages, particularly in sectors heavily dependent on video content such as broadcasting, telecommunications, education, and public services. Although the vulnerability does not compromise confidentiality or integrity, availability impacts can lead to operational downtime and potential reputational damage. Given the requirement for user interaction, phishing or social engineering campaigns distributing malicious video files could be a vector, especially targeting employees or customers. The absence of known exploits reduces immediate risk, but the medium severity score and ease of exploitation via crafted media files warrant proactive mitigation. Organizations processing large volumes of HEVC video or integrating libde265 in critical systems should prioritize addressing this vulnerability to maintain service continuity.
Mitigation Recommendations
1. Identify and inventory all applications and services within the organization that utilize libde265 for HEVC decoding. 2. Monitor vendor and open-source project repositories for official patches or updates addressing CVE-2022-43250 and apply them promptly once available. 3. Until patches are released, consider implementing application-level mitigations such as sandboxing or isolating video decoding processes to contain potential crashes and prevent escalation. 4. Employ network and endpoint security controls to detect and block suspicious video files, especially those received via email or downloaded from untrusted sources. 5. Educate users about the risks of opening unsolicited or unexpected video files, emphasizing caution with media received from unknown or unverified senders. 6. Use runtime protection tools or memory safety mechanisms (e.g., ASLR, DEP) to reduce the impact of memory corruption vulnerabilities. 7. For critical systems, consider temporarily disabling HEVC decoding features or replacing libde265 with alternative, patched decoders if feasible. 8. Implement robust logging and monitoring to detect abnormal application crashes or service disruptions related to video processing components.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2022-10-17T00:00:00.000Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d9837c4522896dcbeb8d0
Added to database: 5/21/2025, 9:09:11 AM
Last enriched: 6/26/2025, 4:15:51 AM
Last updated: 8/6/2025, 10:47:50 PM
Views: 14
Related Threats
CVE-2025-49559: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) in Adobe Adobe Commerce
MediumCVE-2025-49558: Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) in Adobe Adobe Commerce
MediumCVE-2025-49557: Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Adobe Commerce
HighCVE-2025-49556: Incorrect Authorization (CWE-863) in Adobe Adobe Commerce
HighCVE-2025-49555: Cross-Site Request Forgery (CSRF) (CWE-352) in Adobe Adobe Commerce
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.