917764 – (CVE-2023-43887) media-libs/libde265: buffer overflow(s)

Bug 917764 (CVE-2023-43887) - media-libs/libde265: buffer overflow(s)

Summary: media-libs/libde265: buffer overflow(s)

Status:	UNCONFIRMED

Alias:	CVE-2023-43887

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://github.com/strukturag/libde26...
Whiteboard:	A4 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2023-11-22 20:44 UTC by Jarkko Suominen
Modified:	2023-11-22 20:46 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jarkko Suominen 2023-11-22 20:44:28 UTC

https://www.cve.org/CVERecord?id=CVE-2023-43887
Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump.

https://github.com/strukturag/libde265/issues/418
There is a segmentation fault caused by a buffer over-read on pic_parameter_set::dump due to an incorrect value of num_tile_columns or num_tile_rows.

https://github.com/strukturag/libde265/commit/63b596c915977f038eafd7647d1db25488a8c133
Fixed in v1.0.13.
Latest version in upstream is v1.0.14, in the tree the latest is 1.0.11.