File gstreamer-plugins-bad-CVE-2023-40476.patch of Package gstreamer-plugins-bad.openSUSE_Leap_15.4_Update

Overview Repositories Revisions Requests Users Attributes Meta

File gstreamer-plugins-bad-CVE-2023-40476.patch of Package gstreamer-plugins-bad.openSUSE_Leap_15.4_Update

Author: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Date:   Wed Aug 9 12:49:19 2023 -0400

h265parser: Fix possible overflow using max_sub_layers_minus1
    
    This fixes a possible overflow that can be triggered by an invalid value of
    max_sub_layers_minus1 being set in the bitstream. The bitstream uses 3 bits,
    but the allowed range is 0 to 6 only.
    
    Fixes ZDI-CAN-21768, CVE-2023-40476
    
    Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2895
    
    Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5364>

diff -Nura gst-plugins-bad-1.20.1/gst-libs/gst/codecparsers/gsth265parser.c gst-plugins-bad-1.20.1_new/gst-libs/gst/codecparsers/gsth265parser.c
--- gst-plugins-bad-1.20.1/gst-libs/gst/codecparsers/gsth265parser.c	2022-03-14 19:33:40.000000000 +0800
+++ gst-plugins-bad-1.20.1_new/gst-libs/gst/codecparsers/gsth265parser.c	2023-10-31 16:09:58.934484730 +0800

@@ -1670,6 +1670,7 @@
 
   READ_UINT8 (&nr, vps->max_layers_minus1, 6);
   READ_UINT8 (&nr, vps->max_sub_layers_minus1, 3);
+  CHECK_ALLOWED (vps->max_sub_layers_minus1, 0, 6);
   READ_UINT8 (&nr, vps->temporal_id_nesting_flag, 1);
 
   /* skip reserved_0xffff_16bits */
@@ -1848,6 +1849,7 @@
   sps->vps = vps;
 
   READ_UINT8 (&nr, sps->max_sub_layers_minus1, 3);
+  CHECK_ALLOWED (sps->max_sub_layers_minus1, 0, 6);
   READ_UINT8 (&nr, sps->temporal_id_nesting_flag, 1);
 
   if (!gst_h265_parse_profile_tier_level (&sps->profile_tier_level, &nr,

Places

File gstreamer-plugins-bad-CVE-2023-40476.patch of Package gstreamer-plugins-bad.openSUSE_Leap_15.4_Update

Places