CVE-2022-47664

7.8 HIGH

📋 TL;DR

CVE-2022-47664 is a buffer overflow vulnerability in Libde265's HEVC video decoding function that could allow attackers to execute arbitrary code or cause denial of service. This affects any application or system using vulnerable versions of Libde265 for HEVC/H.265 video processing. Media players, video editors, and web applications handling HEVC content are potentially impacted.

💻 Affected Systems

Products:
  • Libde265
  • Applications using Libde265 library for HEVC decoding
Versions: Libde265 1.0.9 and possibly earlier versions
Operating Systems: Linux, Windows, macOS, BSD systems
Default Config Vulnerable: ⚠️ Yes
Notes: Any application linking against vulnerable Libde265 versions is affected when processing HEVC content

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠 Likely Case: Application crash or denial of service when processing malicious HEVC video files

🟢 If Mitigated: Application crash contained within sandboxed environment with no privilege escalation

🌐 Internet-Facing: MEDIUM - Requires processing of attacker-controlled HEVC content, which is common in media applications
🏢 Internal Only: LOW - Requires local access or internal file processing scenarios

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious HEVC video files; public proof-of-concept demonstrates crash

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Libde265 1.0.10 or later

Vendor Advisory: https://github.com/strukturag/libde265/issues/368

Restart Required: Yes

Instructions:

1. Update Libde265 to version 1.0.10 or later.
2. Rebuild applications using Libde265.
3. Restart affected services.
4. Test HEVC decoding functionality.

🔧 Temporary Workarounds

Disable HEVC decoding (platform: all)

Disable HEVC/H.265 video processing in applications using Libde265

Application-specific configuration required

Input validation (platform: all)

Implement strict validation of HEVC video files before processing

Implement file validation in application code

🧯 If You Can't Patch

  • Isolate systems using Libde265 in network segments with restricted access
  • Implement application sandboxing or containerization to limit exploit impact

🔍 How to Verify

Check if Vulnerable:

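Check whether an application links against Libde265: ldd /path/to/application | grep libde265 (the path is a placeholder for the binary being checked), or check application dependencies. Then check the installed Libde265 version.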

Check Version:

pkg-config --modversion libde265

Verify Fix Applied:

Verify Libde265 version is 1.0.10 or later and test with known malicious HEVC samples
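
The version check above, as an added example (not part of the original advisory or the Libde265 project): a POSIX shell script that compares the version reported by pkg-config against the fixed release 1.0.10 field by field, because a plain string comparison ranks "1.0.9" above "1.0.10". The function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example: classify a libde265 version against the fixed release (1.0.10).
# Function names and verdict strings are illustrative assumptions.

FIXED_VERSION="1.0.10"

# version_lt A B: succeed when dotted version A is strictly lower than B.
# Fields are compared as integers, so 1.0.9 < 1.0.10.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        # Drop any non-numeric suffix and treat a missing field as 0.
        fa=${fa%%[!0-9]*}; fb=${fb%%[!0-9]*}
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -lt "$fb" ]; then return 0; fi
        if [ "$fa" -gt "$fb" ]; then return 1; fi
    done
    return 1   # equal versions are not "lower"
}

# classify VERSION: print a verdict for one version string.
classify() {
    if [ -z "$1" ]; then
        echo "unknown"
    elif version_lt "$1" "$FIXED_VERSION"; then
        echo "needs-update"
    else
        echo "fixed"
    fi
}

# Report on the locally installed library, if pkg-config knows about it.
installed=$(pkg-config --modversion libde265 2>/dev/null || true)
echo "libde265 ${installed:-not found via pkg-config}: $(classify "$installed")"
```

pkg-config only reports a library whose development files are installed, and distribution packages may backport a fix without changing the upstream version number, so confirm against the distribution's own advisory as well.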

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Memory corruption errors in application logs
  • Abnormal termination of media processing services

Network Indicators:

  • Unusual HEVC file transfers to media servers
  • Exploit attempts via crafted video uploads

SIEM Query:

source="application.log" AND ("segmentation fault" OR "buffer overflow" OR "libde265")
