Bug 917764 (CVE-2023-43887)

Summary:	media-libs/libde265: buffer overflow(s)
Product:	Gentoo Security	Reporter:	Jarkko Suominen <bugzillas>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	UNCONFIRMED ---
Severity:	minor	CC:	media-video
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://github.com/strukturag/libde265/issues/418
Whiteboard:	A4 [ebuild]
Package list:		Runtime testing required:	---

Description Jarkko Suominen 2023-11-22 20:44:28 UTC

https://www.cve.org/CVERecord?id=CVE-2023-43887
Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump.

https://github.com/strukturag/libde265/issues/418
There is a segmentation fault caused by a buffer over-read on pic_parameter_set::dump due to an incorrect value of num_tile_columns or num_tile_rows.

https://github.com/strukturag/libde265/commit/63b596c915977f038eafd7647d1db25488a8c133
Fixed in v1.0.13.
Latest version in upstream is v1.0.14, in the tree the latest is 1.0.11.