SB20220111100 - Multiple vulnerabilities in libde265
Published: January 11, 2022 Updated: February 27, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 18 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2021-36408)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in intrapred.h when decoding file using dec265. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.
2) Out-of-bounds write (CVE-ID: CVE-2022-43253)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
3) Out-of-bounds write (CVE-ID: CVE-2022-43236)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
4) Out-of-bounds write (CVE-ID: CVE-2022-43235)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
5) Out-of-bounds write (CVE-ID: CVE-2022-43243)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
6) Reachable Assertion (CVE-ID: CVE-2021-36409)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in sps.cc. A remote attacker can pass a specially crafted file to the application and crash it.
7) Out-of-bounds write (CVE-ID: CVE-2022-43242)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the mc_luma() function in motion.cc. A remote attacker pass a specially crafted video file to the application, trigger an out-of-bounds write and perform a denial of service (DoS) attack.
8) Input validation error (CVE-ID: CVE-2022-43241)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the ff_hevc_put_hevc_qpel_v_3_8_sse() function in sse-motion.cc. A remote attacker can pass specially crafted video file to the application and perform a denial of service (DoS) attack.
9) Input validation error (CVE-ID: CVE-2022-43238)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the ff_hevc_put_hevc_qpel_h_3_v_3_sse() function in sse-motion.cc. A remote attacker can pass specially crafted video input to the application and perform a denial of service (DoS) attack.
10) Out-of-bounds read (CVE-ID: CVE-2021-36411)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
11) Out-of-bounds read (CVE-ID: CVE-2021-35452)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in slice.cc. A remote attacker can pass a specially crafted file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
12) Heap-based buffer overflow (CVE-ID: CVE-2022-1253)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the read_sps_NAL() function in decctx.cc. A remote attacker can pass specially crafted video file to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Out-of-bounds write (CVE-ID: CVE-2022-43252)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
14) Stack-based buffer overflow (CVE-ID: CVE-2021-36410)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the put_epel_hv_fallback() function in fallback-motion.cc. A remote attacker can pass a specially crafted file to the application, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.
15) Out-of-bounds write (CVE-ID: CVE-2022-43248)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
16) Out-of-bounds write (CVE-ID: CVE-2022-43240)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
17) Out-of-bounds write (CVE-ID: CVE-2022-43239)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
18) Out-of-bounds write (CVE-ID: CVE-2022-43237)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://github.com/strukturag/libde265/issues/299
- https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html
- https://www.debian.org/security/2023/dsa-5346
- https://github.com/strukturag/libde265/issues/348
- https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html
- https://github.com/strukturag/libde265/issues/343
- https://github.com/strukturag/libde265/issues/337
- https://github.com/strukturag/libde265/issues/339
- https://github.com/strukturag/libde265/issues/300
- https://github.com/strukturag/libde265/issues/340
- https://github.com/strukturag/libde265/issues/338
- https://github.com/strukturag/libde265/issues/336
- https://github.com/strukturag/libde265/issues/302
- https://github.com/strukturag/libde265/issues/298
- https://huntr.dev/bounties/1-other-strukturag/libde265
- https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8
- https://github.com/strukturag/libde265/issues/347
- https://github.com/strukturag/libde265/issues/301
- https://github.com/strukturag/libde265/issues/349
- https://github.com/strukturag/libde265/issues/335
- https://github.com/strukturag/libde265/issues/341
- https://github.com/strukturag/libde265/issues/344