Bug 889876 (CVE-2022-47655, CVE-2022-47664, CVE-2022-47665, CVE-2023-24751, CVE-2023-24752, CVE-2023-24754, CVE-2023-24755, CVE-2023-24756, CVE-2023-24757, CVE-2023-24758, CVE-2023-25221)

Summary: <media-libs/libde265-1.0.11: multiple vulnerabilities
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: IN_PROGRESS ---
Severity: minor
CC: atoth, media-video
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/strukturag/libde265/issues/367
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-05 18:54:13 UTC
CVE-2022-47655:

Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short>
Comment 1 Jonas Stein gentoo-dev 2023-02-11 12:40:37 UTC
*** Bug 893942 has been marked as a duplicate of this bug. ***
Comment 2 Attila Tóth 2023-02-11 13:36:25 UTC
According to upstream commit, this has only been addressed in libde265-1.0.10:
https://github.com/strukturag/libde265/issues/367
https://github.com/strukturag/libde265/pull/376
The latest release is libde265-1.0.11. A simple version bump would take care.
Comment 3 Larry the Git Cow gentoo-dev 2023-03-11 04:34:58 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=794b1d7b8638c843a64d94445aa138556a412470

commit 794b1d7b8638c843a64d94445aa138556a412470
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2023-03-11 04:34:11 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-03-11 04:34:11 +0000

    media-libs/libde265: bump to 1.0.11, sync live
    
    Bug: https://bugs.gentoo.org/889876
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 media-libs/libde265/Manifest               |  1 +
 media-libs/libde265/libde265-1.0.11.ebuild | 95 ++++++++++++++++++++++++++++++
 media-libs/libde265/libde265-9999.ebuild   |  7 +--
 3 files changed, 99 insertions(+), 4 deletions(-)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-03-11 04:41:02 UTC
(In reply to Attila Tóth from comment #2)
> According to upstream commit, this has only been addressed in
> libde265-1.0.10:
> https://github.com/strukturag/libde265/issues/367
> https://github.com/strukturag/libde265/pull/376
> The latest release is libde265-1.0.11. A simple version bump would take care.

Done, thanks!
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-26 03:38:58 UTC
CVE-2023-24751 (https://github.com/strukturag/libde265/issues/379):

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-24752 (https://github.com/strukturag/libde265/issues/378):

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-24754 (https://github.com/strukturag/libde265/issues/382):

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-24755 (https://github.com/strukturag/libde265/issues/384):

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-24756 (https://github.com/strukturag/libde265/issues/380):

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-24757 (https://github.com/strukturag/libde265/issues/385):

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-24758 (https://github.com/strukturag/libde265/issues/383):

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-25221 (https://github.com/strukturag/libde265/issues/388):

Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc.

More, all fixed in 1.0.11
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-26 03:41:19 UTC
CVE-2022-47664 (https://github.com/strukturag/libde265/issues/368):

Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qpel_pixels_8_sse

CVE-2022-47665 (https://github.com/strukturag/libde265/issues/369):

Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int)

Two more, these fixed in 1.0.10
Comment 7 Hans de Graaff gentoo-dev Security 2023-10-19 12:38:52 UTC
Please clean up vulnerable versions 1.0.8 and 1.0.9.
Comment 8 Larry the Git Cow gentoo-dev 2023-10-23 04:14:43 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f8be848d57de54f2f1c24a5486734f176f3f9ee

commit 0f8be848d57de54f2f1c24a5486734f176f3f9ee
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2023-10-23 04:13:16 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-10-23 04:14:28 +0000

    media-libs/libde265: drop 1.0.8, 1.0.9
    
    Bug: https://bugs.gentoo.org/813486
    Bug: https://bugs.gentoo.org/889876
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 media-libs/libde265/Manifest              |  2 -
 media-libs/libde265/libde265-1.0.8.ebuild | 96 -------------------------------
 media-libs/libde265/libde265-1.0.9.ebuild | 96 -------------------------------
 3 files changed, 194 deletions(-)