From: Ankur Tyagi <[email protected]> Details: https://nvd.nist.gov/vuln/detail/CVE-2023-43887
Signed-off-by: Ankur Tyagi <[email protected]>
---
 .../libde265/libde265/CVE-2023-43887.patch | 39 +++++++++++++++++++
 .../libde265/libde265_1.0.12.bb | 4 +-
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-43887.patch
diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-43887.patch b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-43887.patch
new file mode 100644
index 0000000000..f8ab0e1e40
--- /dev/null
+++ b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-43887.patch
@@ -0,0 +1,39 @@
+From e31a5389f2a4967b9ca298a3435d1af2f9a04cda Mon Sep 17 00:00:00 2001
+From: Dirk Farin <[email protected]>
+Date: Fri, 1 Sep 2023 21:18:48 +0200
+Subject: [PATCH] fix #418
+
+CVE: CVE-2023-43887
+Upstream-Status: Backport [https://github.com/strukturag/libde265/commit/63b596c915977f038eafd7647d1db25488a8c133]
+(cherry picked from commit 63b596c915977f038eafd7647d1db25488a8c133)
+Signed-off-by: Ankur Tyagi <[email protected]>
+---
+ libde265/decctx.cc | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/libde265/decctx.cc b/libde265/decctx.cc
+index 223a6aaf..350f7e7a 100644
+--- a/libde265/decctx.cc
++++ b/libde265/decctx.cc
+@@ -582,16 +582,17 @@ de265_error decoder_context::read_pps_NAL(bitreader& reader)
+ std::shared_ptr<pic_parameter_set> new_pps = std::make_shared<pic_parameter_set>();
+
+ bool success = new_pps->read(&reader,this);
++ if (!success) {
++ return DE265_WARNING_PPS_HEADER_INVALID;
++ }
+
+ if (param_pps_headers_fd>=0) {
+ new_pps->dump(param_pps_headers_fd);
+ }
+
+- if (success) {
+- pps[ (int)new_pps->pic_parameter_set_id ] = new_pps;
+- }
++ pps[ (int)new_pps->pic_parameter_set_id ] = new_pps;
+
+- return success ? DE265_OK : DE265_WARNING_PPS_HEADER_INVALID;
++ return DE265_OK;
+ }
+
+ de265_error decoder_context::read_sei_NAL(bitreader& reader, bool suffix) 
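Review bot: The new `if (!success)` guard in `read_pps_NAL` carries no comment saying that its position ahead of `new_pps->dump(...)` is the actual fix, so a later cleanup could move the dump back above the check without anyone noticing. I would add a line on the guard such as `// A PPS that failed read() may hold unvalidated fields; never dump or store it (CVE-2023-43887).` The store `pps[ (int)new_pps->pic_parameter_set_id ] = new_pps;` still depends on `read()` having range-checked the id against the size of `pps`, which this hunk does not show and is worth confirming in the 1.0.12 sources the recipe pins. Presumably `dump()` itself still trusts the parsed fields, so bounding its loops would be a reasonable follow-up upstream. The function body starts above the hunk.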
diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb index 3c9f899491..3466d37317 100644 --- a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb +++ b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb @@ -8,7 +8,9 @@ LICENSE = "LGPL-3.0-only & MIT" LICENSE_FLAGS = "commercial" LIC_FILES_CHKSUM = "file://COPYING;md5=695b556799abb2435c97a113cdca512f" -SRC_URI = "git://github.com/strukturag/libde265.git;branch=master;protocol=https" +SRC_URI = "git://github.com/strukturag/libde265.git;branch=master;protocol=https \ + file://CVE-2023-43887.patch \ +" SRCREV = "a267c84707ab264928fa9b86de2ee749c48c318c" S = "${WORKDIR}/git"
