Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 917764 (CVE-2023-43887) - media-libs/libde265: buffer overflow(s)
Summary: media-libs/libde265: buffer overflow(s)
Alias: CVE-2023-43887
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: A4 [ebuild]
Depends on:
Reported: 2023-11-22 20:44 UTC by Jarkko Suominen
Modified: 2023-11-22 20:46 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Jarkko Suominen 2023-11-22 20:44:28 UTC
Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump.
There is a segmentation fault caused by a buffer over-read on pic_parameter_set::dump due to an incorrect value of num_tile_columns or num_tile_rows.
Fixed in v1.0.13.
Latest version in upstream is v1.0.14, in the tree the latest is 1.0.11.