{"id":"CVE-2022-1253","summary":"Heap-based Buffer Overflow in strukturag/libde265","details":"Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.","modified":"2026-04-16T04:44:40.124079932Z","published":"2022-04-06T00:00:00Z","database_specific":{"cna_assigner":"@huntrdev","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1253.json","cwe_ids":["CWE-122"]},"references":[{"type":"WEB","url":"https://huntr.dev/bounties/1-other-strukturag/libde265"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1253.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1253"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5346"},{"type":"FIX","url":"https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/strukturag/libde265","events":[{"introduced":"0"},{"fixed":"8e89fe0e175d2870c39486fdd09250b230ec10b8"}]}],"versions":["v0.1","v0.2","v0.3","v0.4","v0.5","v1.0.0","v1.0.3","v1.0.4","v1.0.5","v1.0.6","v1.0.7","v1.0.8"],"database_specific":{"vanir_signatures_modified":"2026-04-12T09:22:08Z","vanir_signatures":[{"digest":{"line_hashes":["202132813394368793252372296038490491884","57480292275328694761362079404650047886","190249936156149638369287607618362334172","338924197999826606531167202863109123947"],"threshold":0.9},"id":"CVE-2022-1253-1e63198b","signature_version":"v1","target":{"file":"libde265/sps.cc"},"signature_type":"Line","deprecated":false,"source":"https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8"},{"target":{"function":"seq_parameter_set::read","file":"libde265/sps.cc"},"id":"CVE-2022-1253-26a64cac","signature_version":"v1","digest":{"length":7276,"function_hash":"210121378190826524042207948115195377071"},"signature_type":"Function","deprecated":false,"source":"https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8"},{"digest":{"length":2316,"function_hash":"253210681964015321300872825600936547057"},"id":"CVE-2022-1253-58fc3190","signature_version":"v1","target":{"function":"video_usability_information::hrd_parameters","file":"libde265/vui.cc"},"signature_type":"Function","deprecated":false,"source":"https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8"},{"target":{"function":"video_usability_information::read","file":"libde265/vui.cc"},"id":"CVE-2022-1253-767fd50d","signature_version":"v1","digest":{"length":4653,"function_hash":"108937228968666756325575206902695273073"},"signature_type":"Function","deprecated":false,"source":"https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8"},{"target":{"file":"libde265/vui.cc"},"id":"CVE-2022-1253-e65faec8","signature_version":"v1","digest":{"line_hashes":["215776908352763999638890499227187466087","58775356746445001299908757144270239703","187492830555761779351243266096542272725","277794084751432947785638582084017446768","140077959662551403007061336466746842142","188339106116204205175380359552263948081","302905903411076490407846549385153749993","287508263667589468781989154551970454654"],"threshold":0.9},"signature_type":"Line","deprecated":false,"source":"https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1253.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"}]}