CVE-2022-47655: Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short>
*** Bug 893942 has been marked as a duplicate of this bug. ***
According to upstream commit, this has only been addressed in libde265-1.0.10: https://github.com/strukturag/libde265/issues/367 https://github.com/strukturag/libde265/pull/376 The latest release is libde265-1.0.11. A simple version bump would take care.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=794b1d7b8638c843a64d94445aa138556a412470 commit 794b1d7b8638c843a64d94445aa138556a412470 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2023-03-11 04:34:11 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-03-11 04:34:11 +0000 media-libs/libde265: bump to 1.0.11, sync live Bug: https://bugs.gentoo.org/889876 Signed-off-by: John Helmert III <ajak@gentoo.org> media-libs/libde265/Manifest | 1 + media-libs/libde265/libde265-1.0.11.ebuild | 95 ++++++++++++++++++++++++++++++ media-libs/libde265/libde265-9999.ebuild | 7 +-- 3 files changed, 99 insertions(+), 4 deletions(-)
(In reply to Attila Tóth from comment #2) > According to upstream commit, this has only been addressed in > libde265-1.0.10: > https://github.com/strukturag/libde265/issues/367 > https://github.com/strukturag/libde265/pull/376 > The latest release is libde265-1.0.11. A simple version bump would take care. Done, thanks!
CVE-2023-24751 (https://github.com/strukturag/libde265/issues/379): libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. CVE-2023-24752 (https://github.com/strukturag/libde265/issues/378): libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. CVE-2023-24754 (https://github.com/strukturag/libde265/issues/382): libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. CVE-2023-24755 (https://github.com/strukturag/libde265/issues/384): libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. CVE-2023-24756 (https://github.com/strukturag/libde265/issues/380): libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. CVE-2023-24757 (https://github.com/strukturag/libde265/issues/385): libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. CVE-2023-24758 (https://github.com/strukturag/libde265/issues/383): libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. CVE-2023-25221 (https://github.com/strukturag/libde265/issues/388): Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc. More, all fixed in 1.0.11
CVE-2022-47664 (https://github.com/strukturag/libde265/issues/368): Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qpel_pixels_8_sse CVE-2022-47665 (https://github.com/strukturag/libde265/issues/369): Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int) Two more, these fixed in 1.0.10
Please clean up vulnerable versions 1.0.8 and 1.0.9.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f8be848d57de54f2f1c24a5486734f176f3f9ee commit 0f8be848d57de54f2f1c24a5486734f176f3f9ee Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2023-10-23 04:13:16 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-10-23 04:14:28 +0000 media-libs/libde265: drop 1.0.8, 1.0.9 Bug: https://bugs.gentoo.org/813486 Bug: https://bugs.gentoo.org/889876 Signed-off-by: John Helmert III <ajak@gentoo.org> media-libs/libde265/Manifest | 2 - media-libs/libde265/libde265-1.0.8.ebuild | 96 ------------------------------- media-libs/libde265/libde265-1.0.9.ebuild | 96 ------------------------------- 3 files changed, 194 deletions(-)
