CVE-2022-43244

2022-11-0214:15:13

Alpine Linux Development Team

security.alpinelinux.org

libde265 video-file dos_unix denial-of-service

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

47.9%

JSON

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

OSVersionArchitecturePackageVersionFilename
Alpineedge-mainnoarchlibde265< 1.0.11-r0UNKNOWN
Alpine3.14-mainnoarchlibde265< 1.0.11-r0UNKNOWN
Alpine3.15-mainnoarchlibde265< 1.0.11-r0UNKNOWN
Alpine3.16-mainnoarchlibde265< 1.0.11-r0UNKNOWN
Alpine3.17-mainnoarchlibde265< 1.0.11-r0UNKNOWN
Alpine3.18-mainnoarchlibde265< 1.0.11-r0UNKNOWN
Alpine3.19-mainnoarchlibde265< 1.0.11-r0UNKNOWN
Alpine3.20-mainnoarchlibde265< 1.0.11-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-main	noarch	libde265	< 1.0.11-r0	UNKNOWN
Alpine	3.14-main	noarch	libde265	< 1.0.11-r0	UNKNOWN
Alpine	3.15-main	noarch	libde265	< 1.0.11-r0	UNKNOWN
Alpine	3.16-main	noarch	libde265	< 1.0.11-r0	UNKNOWN
Alpine	3.17-main	noarch	libde265	< 1.0.11-r0	UNKNOWN
Alpine	3.18-main	noarch	libde265	< 1.0.11-r0	UNKNOWN
Alpine	3.19-main	noarch	libde265	< 1.0.11-r0	UNKNOWN
Alpine	3.20-main	noarch	libde265	< 1.0.11-r0	UNKNOWN