The Libde265 v1..8 library is an open-source implementation of the High Efficiency Video Coding (HEVC) video compression standard. Recently, a heap-buffer-overflow vulnerability has been discovered in the Libde265 v1..8 library. This vulnerability can be exploited by an attacker who can provide a crafted video file to the target system. The vulnerability impacts the ff_hevc_put_weighted_pred_avg_8_sse function in the sse-motion.cc file, causing a Denial of Service (DoS) situation.
This article will provide a detailed overview of CVE-2022-43243, the code snippet related to the vulnerability, and links to the original references. We will also discuss the impact of this vulnerability and exploit details.
Vulnerability Details
CVE ID: CVE-2022-43243
Affected Versions: Libde265 v1..8
Patch Status: No patch available at the moment
Code Snippet
The vulnerability exists in the ff_hevc_put_weighted_pred_avg_8_sse function inside the sse-motion.cc file:
void ff_hevc_put_weighted_pred_avg_8_sse(uint8_t *dst, ptrdiff_t dststride,
int16_t *src1, ptrdiff_t src1stride,
int16_t *src2, ptrdiff_t src2stride,
int width, int height)
{
int x, y;
if(width % 8 == ){
for (y = ; y < height; y++) {
for (x = ; x < width; x += 8) {
hevc_put_weighted_pred_avg_8_sse((__m128i *)&dst[x],
(__m128i *)&src1[x],
(__m128i *)&src2[x]);
}
dst += dststride;
src1 += src1stride;
src2 += src2stride;
}
}else{
for (y = ; y < height; y++) {
for (x = ; x < width; x += 4) {
ff_hevc_put_weighted_pred_avg_4_sse((__m128i *)&dst[x],
(__m128i *)&src1[x],
(__m128i *)&src2[x]);
}
dst += dststride;
src1 += src1stride;
src2 += src2stride;
}
}
}
In this function, the src1 and src2 pointer parameters are iterated over, causing an overflow when the size of the allocated buffer is smaller than the calculated strides src1stride and src2stride.
Exploit Details
An attacker can exploit this vulnerability by crafting a malicious video file and delivering it to the target system. When the video file is processed using the vulnerable Libde265 library, the heap-buffer-overflow can be triggered, resulting in a crash of the application that is using the library. This can cause a Denial of Service (DoS) situation.
Impact
The attackers could use this vulnerability to cause a Denial of Service (DoS) on the target system by creating a crafted video file that exploits the heap-buffer-overflow. Additionally, this vulnerability may also be leveraged by attackers to execute arbitrary code on the target system, depending on the application accessing the crafted video file and the attacker's level of access.
Remediation
As of now, there is no official patch available to address CVE-2022-43243. However, users and developers are urged to monitor the Libde265 GitHub repository for any updates regarding the vulnerability and potential security patches.
In the meantime, users should be cautious when opening video files from untrusted sources and should consider using alternative video decoding libraries until a patch addressing the vulnerability is released.
Original References
1. CVE-2022-43243 - MITRE
2. Libde265 GitHub repository
Conclusion
The heap-buffer-overflow vulnerability in the Libde265 v1..8 library poses a serious threat to users and applications utilizing this library to process video files. Attackers can exploit this vulnerability to create a Denial of Service (DoS) situation or potentially execute arbitrary code on the target system. Users and developers should monitor the Libde265 GitHub repository for updates and security patches while avoiding using the library to process video files from untrusted sources until a patch is available.
Timeline
Published on: 11/02/2022 14:15:00 UTC
Last modified on: 02/27/2023 15:25:00 UTC