openSUSE:Leap:15.6:Update
File gstreamer-plugins-bad-CVE-2023-40476.patch of Package gstreamer-plugins-bad.31546
commit ce17e968e4cf900d28ca5b46f6e095febc42b4f0 Author: Sebastian Dröge <sebastian@centricular.com> Date: Thu Aug 10 15:45:01 2023 +0300 mxfdemux: Fix integer overflow causing out of bounds writes when handling invalid uncompressed video Check ahead of time when parsing the track information whether width, height and bpp are valid and usable without overflows. Fixes ZDI-CAN-21660, CVE-2023-40474 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2896 Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362> diff -Nura gst-plugins-bad-1.22.0/gst-libs/gst/codecparsers/gsth265parser.c gst-plugins-bad-1.22.0_new/gst-libs/gst/codecparsers/gsth265parser.c --- gst-plugins-bad-1.22.0/gst-libs/gst/codecparsers/gsth265parser.c 2023-01-24 03:29:34.000000000 +0800 +++ gst-plugins-bad-1.22.0_new/gst-libs/gst/codecparsers/gsth265parser.c 2023-10-26 19:40:01.426991664 +0800 @@ -1845,6 +1845,7 @@ READ_UINT8 (&nr, vps->max_layers_minus1, 6); READ_UINT8 (&nr, vps->max_sub_layers_minus1, 3); + CHECK_ALLOWED (vps->max_sub_layers_minus1, 0, 6); READ_UINT8 (&nr, vps->temporal_id_nesting_flag, 1); /* skip reserved_0xffff_16bits */ @@ -2014,6 +2015,7 @@ READ_UINT8 (&nr, sps->vps_id, 4); READ_UINT8 (&nr, sps->max_sub_layers_minus1, 3); + CHECK_ALLOWED (sps->max_sub_layers_minus1, 0, 6); READ_UINT8 (&nr, sps->temporal_id_nesting_flag, 1); if (!gst_h265_parse_profile_tier_level (&sps->profile_tier_level, &nr,
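Review bot: the patch header does not match the first hunk (gsth265parser.c, @@ -1845). The commit message describes an mxfdemux integer overflow and cites ZDI-CAN-21660 / CVE-2023-40474, while the file is named for CVE-2023-40476 and the hunk touches the H.265 VPS parser. Carry the commit message of the H.265 parser fix in this header instead, so the changelog and CVE tracking point at the change that is actually applied.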
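Review bot: in the second hunk (@@ -2014, SPS parsing) the upper bound in `CHECK_ALLOWED (sps->max_sub_layers_minus1, 0, 6);` is a bare literal duplicated from the VPS hunk, with no comment on why the value 7 is rejected. The field is read as 3 bits, so 7 is the only value the check excludes. A one-line comment naming the limit it protects, or a shared named constant used in both places, would keep the two checks from drifting apart. The placement directly after the read, before any later use of the field, should be kept.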