813486 – (CVE-2020-21594, CVE-2020-21595, CVE-2020-21596, CVE-2020-21597, CVE-2020-21598, CVE-2020-21599, CVE-2020-21600, CVE-2020-21601, CVE-2020-21602, CVE-2020-21603, CVE-2020-21604, CVE-2020-21605, CVE-2020-21606, CVE-2021-35452, CVE-2021-36408, CVE-2021-36409, CVE-2021-36410, CVE-2021-36411, CVE-2022-1253, CVE-2022-43235, CVE-2022-43236, CVE-2022-43237, CVE-2022-43238, CVE-2022-43239, CVE-2022-43240, CVE-2022-43241, CVE-2022-43242, CVE-2022-43243, CVE-2022-43244, CVE-2022-43245, CVE-2022-43248, CVE-2022-43249, CVE-2022-43250, CVE-2022-43252, CVE-2022-43253) <media-libs/libde265-1.0.9: multiple vulnerabilities

Bug 813486 (CVE-2020-21594, CVE-2020-21595, CVE-2020-21596, CVE-2020-21597, CVE-2020-21598, CVE-2020-21599, CVE-2020-21600, CVE-2020-21601, CVE-2020-21602, CVE-2020-21603, CVE-2020-21604, CVE-2020-21605, CVE-2020-21606, CVE-2021-35452, CVE-2021-36408, CVE-2021-36409, CVE-2021-36410, CVE-2021-36411, CVE-2022-1253, CVE-2022-43235, CVE-2022-43236, CVE-2022-43237, CVE-2022-43238, CVE-2022-43239, CVE-2022-43240, CVE-2022-43241, CVE-2022-43242, CVE-2022-43243, CVE-2022-43244, CVE-2022-43245, CVE-2022-43248, CVE-2022-43249, CVE-2022-43250, CVE-2022-43252, CVE-2022-43253) - <media-libs/libde265-1.0.9: multiple vulnerabilities

Summary: <media-libs/libde265-1.0.9: multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	CVE-2020-21594, CVE-2020-21595, CVE-2020-21596, CVE-2020-21597, CVE-2020-21598, CVE-2020-21599, CVE-2020-21600, CVE-2020-21601, CVE-2020-21602, CVE-2020-21603, CVE-2020-21604, CVE-2020-21605, CVE-2020-21606, CVE-2021-35452, CVE-2021-36408, CVE-2021-36409, CVE-2021-36410, CVE-2021-36411, CVE-2022-1253, CVE-2022-43235, CVE-2022-43236, CVE-2022-43237, CVE-2022-43238, CVE-2022-43239, CVE-2022-43240, CVE-2022-43241, CVE-2022-43242, CVE-2022-43243, CVE-2022-43244, CVE-2022-43245, CVE-2022-43248, CVE-2022-43249, CVE-2022-43250, CVE-2022-43252, CVE-2022-43253

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:	B2 [glsa+]
Keywords:

Depends on:	889880
Blocks:
	Show dependency tree

Reported:	2021-09-17 18:40 UTC by John Helmert III
Modified:	2024-08-10 05:54 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2021-09-17 18:40:33 UTC

CVE-2020-21594 (https://github.com/strukturag/libde265/issues/233):

libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted a file.

CVE-2020-21595 (https://github.com/strukturag/libde265/issues/239):

libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file.

CVE-2020-21596 (https://github.com/strukturag/libde265/issues/236):

libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file.

CVE-2020-21597 (https://github.com/strukturag/libde265/issues/238):

libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file.

CVE-2020-21598 (https://github.com/strukturag/libde265/issues/237):

libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file.

CVE-2020-21599 (https://github.com/strukturag/libde265/issues/235):

libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file.

CVE-2020-21600 (https://github.com/strukturag/libde265/issues/243):

libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file.

CVE-2020-21601 (https://github.com/strukturag/libde265/issues/241):

libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file.

CVE-2020-21602 (https://github.com/strukturag/libde265/issues/242):

libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file.

CVE-2020-21603 (https://github.com/strukturag/libde265/issues/240):

libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file.

CVE-2020-21604 (https://github.com/strukturag/libde265/issues/231):

libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted a file.

CVE-2020-21605 (https://github.com/strukturag/libde265/issues/234):

libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted a file.

CVE-2020-21606 (https://github.com/strukturag/libde265/issues/232):

libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file.


All open upstream.

Comment 1 John Helmert III archtester

2022-01-11 03:22:53 UTC

CVE-2021-36409 (https://github.com/strukturag/libde265/issues/300):

There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.

CVE-2021-36410 (https://github.com/strukturag/libde265/issues/301):

A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.

CVE-2021-36411 (https://github.com/strukturag/libde265/issues/302):

An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.

CVE-2021-36408 (https://github.com/strukturag/libde265/issues/299):

An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.

CVE-2021-35452 (https://github.com/strukturag/libde265/issues/298):

An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.

All seem unpatched.

Comment 2 John Helmert III archtester

2022-04-09 23:19:52 UTC

CVE-2022-1253 (https://huntr.dev/bounties/1-other-strukturag/libde265):

Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to 1.0.8.

CVE appears wrong. Patch doesn't seem to be in any releases:

https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8

Comment 3 John Helmert III archtester

2022-11-02 20:27:16 UTC

CVE-2022-43252 (https://github.com/strukturag/libde265/issues/347):

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43253 (https://github.com/strukturag/libde265/issues/348):

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43245 (https://github.com/strukturag/libde265/issues/352):

Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43248 (https://github.com/strukturag/libde265/issues/349):

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43249 (https://github.com/strukturag/libde265/issues/345):

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43250 (https://github.com/strukturag/libde265/issues/346):

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43239 (https://github.com/strukturag/libde265/issues/341):

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43240 (https://github.com/strukturag/libde265/issues/335):

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43241 (https://github.com/strukturag/libde265/issues/338):

Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43242 (https://github.com/strukturag/libde265/issues/340):

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43243 (https://github.com/strukturag/libde265/issues/339):

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43244 (https://github.com/strukturag/libde265/issues/342):

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43235 (https://github.com/strukturag/libde265/issues/337):

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43236 (https://github.com/strukturag/libde265/issues/343):

Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43237 (https://github.com/strukturag/libde265/issues/344):

Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43238 (https://github.com/strukturag/libde265/issues/336):

Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

Each is untouched by upstream.

Comment 4 John Helmert III archtester

2022-11-02 20:31:47 UTC

If this package is dead we should really look into killing it. It has a few revdeps, but only one of those have revdeps, libheif.

libheif itself has numerous USE-revdeps, but one important one that doesn't: openimageio.

Comment 5 Larry the Git Cow gentoo-dev

2022-11-04 02:24:16 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15d331cb3e949c98b564a8cf7e6b65803ad507be

commit 15d331cb3e949c98b564a8cf7e6b65803ad507be
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-11-04 01:47:15 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-11-04 02:22:16 +0000

    media-libs/libde265: add 1.0.9
    
    Bug: https://bugs.gentoo.org/813486
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/libde265/Manifest              |  1 +
 media-libs/libde265/libde265-1.0.9.ebuild | 96 +++++++++++++++++++++++++++++++
 media-libs/libde265/libde265-9999.ebuild  |  2 +-
 3 files changed, 98 insertions(+), 1 deletion(-)

Comment 6 Hans de Graaff gentoo-dev

2023-10-02 06:33:16 UTC

Ping. Cleanup still pending. Is anything holding up removal of 1.0.8 ?

Comment 7 Larry the Git Cow gentoo-dev

2023-10-23 04:14:42 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f8be848d57de54f2f1c24a5486734f176f3f9ee

commit 0f8be848d57de54f2f1c24a5486734f176f3f9ee
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2023-10-23 04:13:16 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-10-23 04:14:28 +0000

    media-libs/libde265: drop 1.0.8, 1.0.9
    
    Bug: https://bugs.gentoo.org/813486
    Bug: https://bugs.gentoo.org/889876
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 media-libs/libde265/Manifest              |  2 -
 media-libs/libde265/libde265-1.0.8.ebuild | 96 -------------------------------
 media-libs/libde265/libde265-1.0.9.ebuild | 96 -------------------------------
 3 files changed, 194 deletions(-)

Comment 8 Larry the Git Cow gentoo-dev

2024-08-10 05:53:31 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=554d7050d022ed41ed0c5966c6235d89829f79a8

commit 554d7050d022ed41ed0c5966c6235d89829f79a8
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-08-10 05:53:21 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-08-10 05:53:30 +0000

    [ GLSA 202408-20 ] libde265: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/813486
    Bug: https://bugs.gentoo.org/889876
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202408-20.xml | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 88 insertions(+)