Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 917764 (CVE-2023-43887)

Summary: media-libs/libde265: buffer overflow(s)
Product: Gentoo Security Reporter: Jarkko Suominen <bugzillas>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: UNCONFIRMED ---    
Severity: minor CC: media-video
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A4 [ebuild]
Package list:
Runtime testing required: ---

Description Jarkko Suominen 2023-11-22 20:44:28 UTC
Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump.
There is a segmentation fault caused by a buffer over-read on pic_parameter_set::dump due to an incorrect value of num_tile_columns or num_tile_rows.
Fixed in v1.0.13.
Latest version in upstream is v1.0.14, in the tree the latest is 1.0.11.