Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for libde265.

CVE-2022-43235[0]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc.
| This vulnerability allows attackers to cause a Denial of Service (DoS)
| via a crafted video file.

https://github.com/strukturag/libde265/issues/337

CVE-2022-43236[1]:
| Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow
| vulnerability via put_qpel_fallback<unsigned short> in fallback-
| motion.cc. This vulnerability allows attackers to cause a Denial of
| Service (DoS) via a crafted video file.

https://github.com/strukturag/libde265/issues/343

CVE-2022-43237[2]:
| Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow
| vulnerability via void put_epel_hv_fallback<unsigned short> in
| fallback-motion.cc. This vulnerability allows attackers to cause a
| Denial of Service (DoS) via a crafted video file.

https://github.com/strukturag/libde265/issues/344

CVE-2022-43238[3]:
| Libde265 v1.0.8 was discovered to contain an unknown crash via
| ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability
| allows attackers to cause a Denial of Service (DoS) via a crafted
| video file.

https://github.com/strukturag/libde265/issues/338

CVE-2022-43239[4]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via mc_chroma<unsigned short> in motion.cc. This
| vulnerability allows attackers to cause a Denial of Service (DoS) via
| a crafted video file.

https://github.com/strukturag/libde265/issues/341

CVE-2022-43240[5]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc.
| This vulnerability allows attackers to cause a Denial of Service (DoS)
| via a crafted video file.

https://github.com/strukturag/libde265/issues/335

CVE-2022-43241[6]:
| Libde265 v1.0.8 was discovered to contain an unknown crash via
| ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability
| allows attackers to cause a Denial of Service (DoS) via a crafted
| video file.

https://github.com/strukturag/libde265/issues/335

CVE-2022-43242[7]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via mc_luma<unsigned char> in motion.cc. This
| vulnerability allows attackers to cause a Denial of Service (DoS) via
| a crafted video file.

https://github.com/strukturag/libde265/issues/340

CVE-2022-43244[8]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via put_qpel_fallback<unsigned short> in fallback-
| motion.cc. This vulnerability allows attackers to cause a Denial of
| Service (DoS) via a crafted video file.

https://github.com/strukturag/libde265/issues/342

CVE-2022-43245[9]:
| Libde265 v1.0.8 was discovered to contain a segmentation violation via
| apply_sao_internal<unsigned short> in sao.cc. This vulnerability
| allows attackers to cause a Denial of Service (DoS) via a crafted
| video file.

https://github.com/strukturag/libde265/issues/352

CVE-2022-43249[10]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via put_epel_hv_fallback<unsigned short> in
| fallback-motion.cc. This vulnerability allows attackers to cause a
| Denial of Service (DoS) via a crafted video file.

https://github.com/strukturag/libde265/issues/345

CVE-2022-43250[11]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This
| vulnerability allows attackers to cause a Denial of Service (DoS) via
| a crafted video file.

https://github.com/strukturag/libde265/issues/346

CVE-2022-43252[12]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via put_epel_16_fallback in fallback-motion.cc. This
| vulnerability allows attackers to cause a Denial of Service (DoS) via
| a crafted video file.

https://github.com/strukturag/libde265/issues/347

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-43235
    https://www.cve.org/CVERecord?id=CVE-2022-43235
[1] https://security-tracker.debian.org/tracker/CVE-2022-43236
    https://www.cve.org/CVERecord?id=CVE-2022-43236
[2] https://security-tracker.debian.org/tracker/CVE-2022-43237
    https://www.cve.org/CVERecord?id=CVE-2022-43237
[3] https://security-tracker.debian.org/tracker/CVE-2022-43238
    https://www.cve.org/CVERecord?id=CVE-2022-43238
[4] https://security-tracker.debian.org/tracker/CVE-2022-43239
    https://www.cve.org/CVERecord?id=CVE-2022-43239
[5] https://security-tracker.debian.org/tracker/CVE-2022-43240
    https://www.cve.org/CVERecord?id=CVE-2022-43240
[6] https://security-tracker.debian.org/tracker/CVE-2022-43241
    https://www.cve.org/CVERecord?id=CVE-2022-43241
[7] https://security-tracker.debian.org/tracker/CVE-2022-43242
    https://www.cve.org/CVERecord?id=CVE-2022-43242
[8] https://security-tracker.debian.org/tracker/CVE-2022-43244
    https://www.cve.org/CVERecord?id=CVE-2022-43244
[9] https://security-tracker.debian.org/tracker/CVE-2022-43245
    https://www.cve.org/CVERecord?id=CVE-2022-43245
[10] https://security-tracker.debian.org/tracker/CVE-2022-43249
    https://www.cve.org/CVERecord?id=CVE-2022-43249
[11] https://security-tracker.debian.org/tracker/CVE-2022-43250
    https://www.cve.org/CVERecord?id=CVE-2022-43250
[12] https://security-tracker.debian.org/tracker/CVE-2022-43252
    https://www.cve.org/CVERecord?id=CVE-2022-43252

Please adjust the affected versions in the BTS as needed.