CVE-2022-43253 - Libde265 v1..8 Heap-Buffer-Overflow Vulnerability in put_unweighted_pred_16_fallback Function of fallback-motion.cc, Allowing Attackers to Cause Denial of Service

A heap-buffer-overflow vulnerability (CVE-2022-43253) has been discovered in Libde265, a popular open-source HEVC/H.265 video codec library, affecting version 1..8. This critical issue is present in the put_unweighted_pred_16_fallback function, located within the fallback-motion.cc file. Attackers can exploit this vulnerability to cause a Denial of Service (DoS) via a specially crafted video file, disrupting the normal operation of an affected system and potentially causing data loss.

Exploit Details

The vulnerability exists within the function put_unweighted_pred_16_fallback responsible for motion-compensated prediction. In this function, a crafted video file containing specific meta-information can trigger a heap-buffer-overflow, causing undefined behavior and ultimately crashing the application.

Code Snippet

static void put_unweighted_pred_16_fallback (uint8_t* dst, int dst_stride, const uint8_t* src, int src_stride, int mv_x, int mv_y, int logWD, int log2_Bpp) {
  if (mv_x < ) {
    dst = (uint8_t*)(dst - mv_x);
    src = (uint8_t*)(src - mv_x);
  }
  ... // The rest of the function implementation
}

Here, the code fails to properly validate and sanitize the mv_x and mv_y variables. These variables represent motion vector components critical to the motion compensation process. As such, an attacker can craft a video file with specific meta-information to trigger the vulnerability.

How to Replicate the Exploit

To replicate this exploit on your system, you need a Libde265 v1..8 application capable of processing a crafted video file to trigger the heap-buffer-overflow. Such an application can include players, converters, or even video editors that handle HEVC video files.

Next, import this video file into your Libde265 1..8 application.

3. Finally, process the video file, which will trigger the heap-buffer-overflow and crash the application.

Please note that this process could potentially cause data loss and disrupt the normal operation of the affected system. It is advisable to not replicate it on productive or sensitive environments.

Mitigation and Patching

The developers of Libde265 have already been notified of this security issue. A patch is expected soon to fix the vulnerability. Until a patch is released, it is recommended to downgrade to a known secure version of Libde265 or switch to another video codec library as a temporary measure.

Original References

1. CVE-2022-43253 - The CVE Details
2. Libde265 official website
3. Tutorial on libde265 usage

In conclusion, CVE-2022-43253 is a serious vulnerability affecting Libde265 v1..8, enabling attackers to cause a Denial of Service via crafted video files. The vulnerability resides within the put_unweighted_pred_16_fallback function in fallback-motion.cc. Users of Libde265 should keep an eye out for upcoming patches that address this issue and consider downgrading or temporarily switching to a different video codec library in the meantime.

Timeline

Published on: 11/02/2022 14:15:00 UTC
Last modified on: 02/27/2023 15:26:00 UTC