Login Sign Up

CVE-2023-43887

8.1 HIGH
Denial of Service Buffer Overflow

📋 TL;DR

CVE-2023-43887 is a buffer overflow vulnerability in Libde265 v1.0.12's pic_parameter_set::dump function, triggered by malicious num_tile_columns and num_tile_row parameters. This allows attackers to execute arbitrary code or cause denial of service. Affected systems include any software using vulnerable Libde265 versions for HEVC/H.265 video decoding.

💻 Affected Systems

Products:
  • Libde265
  • Software using Libde265 library (media players, video editors, web applications)
Versions: Libde265 v1.0.12 and earlier
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: Any application that processes HEVC/H.265 video using Libde265 is vulnerable when handling untrusted content.

📦 What is this software?

Libde265 by Struktur

View all CVEs affecting Libde265 →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Application crash causing denial of service, potentially leading to service disruption.

🟢

If Mitigated

Contained crash within sandboxed process with minimal impact.

🌐 Internet-Facing: HIGH - Exploitable via malicious video files processed by web applications or media servers.
🏢 Internal Only: MEDIUM - Requires user interaction with malicious files or automated processing of untrusted content.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious HEVC video files. No public exploit code is known as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Libde265 v1.0.13 or later

Vendor Advisory: https://github.com/strukturag/libde265/commit/63b596c915977f038eafd7647d1db25488a8c133

Restart Required: Yes

Instructions:

1. Update Libde265 to v1.0.13 or later. 2. Rebuild applications using the library. 3. Restart affected services.

🔧 Temporary Workarounds

Disable HEVC processing

all

Temporarily disable HEVC/H.265 video processing in applications using Libde265.

Application-specific configuration changes required

Input validation

all

Implement strict validation of HEVC video files before processing.

Implement file validation in application code

🧯 If You Can't Patch

  • Network segmentation to isolate systems processing untrusted video files
  • Implement application sandboxing to limit exploit impact

🔍 How to Verify

Check if Vulnerable:

Check Libde265 version: `libde265 --version` or check package manager. Version 1.0.12 or earlier is vulnerable.

Check Version:

libde265 --version 2>/dev/null || dpkg -l | grep libde265 || rpm -qa | grep libde265

Verify Fix Applied:

Confirm Libde265 version is 1.0.13 or later: `libde265 --version`

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Memory corruption errors in application logs

Network Indicators:

  • Unusual HEVC file uploads to media processing services

SIEM Query:

Application:libde265 AND (EventType:Crash OR Error:segmentation)

📊 Metadata

CVE ID: CVE-2023-43887
CVSS v3 Score: 8.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CWE: CWE-120
Published: November 22, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-43887, you might also want to check these:

CVE-2023-24482 10.0

This CVE describes a critical buffer overflow vulnerability in COMOS software's cache validation ser...

Same vulnerability type (CWE-120)
CVE-2024-22039 10.0

This vulnerability allows unauthenticated remote attackers to execute arbitrary code with root privi...

Same vulnerability type (CWE-120)
CVE-2022-22570 10.0

A buffer overflow vulnerability in UniFi Door Access Reader Lite firmware allows attackers with netw...

Same vulnerability type (CWE-120)