mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00
Code Issues Projects Releases Wiki Activity

libde265: patch CVE-2022-1253

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-1253

Pick the patch from the nvd report.

The patch is only partially backported, because part of the vulnerable
code was introuced only in a later version.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari
2025-11-28 21:18:32 +01:00
parent 7965aa0704
commit 91c15953c0
2 changed files with 37 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2022-1253.patch
+34
View File
@@ -0,0 +1,34 @@
From 4dcc28a63e12a6cc8b99bc8e96c5c764fc7a8f1d Mon Sep 17 00:00:00 2001
From: Dirk Farin <dirk.farin@gmail.com>
Date: Tue, 5 Apr 2022 09:52:57 +0200
Subject: [PATCH] error on out-of-range cpb_cnt_minus1 (oss-fuzz issue 27590)
CVE: CVE-2022-1253
Upstream-Status: Backport [https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8]
This is a partial backport of the linked commit. The vulnerability impacted
two parts of the code, however one part, which deals with HRD parameters
was only introduced in a later version (1.0.8), and is not present in
the Kirkstone version yet (1.0.5).
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
libde265/sps.cc | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libde265/sps.cc b/libde265/sps.cc
index 476cdbb..37bde7b 100644
--- a/libde265/sps.cc
+++ b/libde265/sps.cc
@@ -425,7 +425,10 @@ de265_error seq_parameter_set::read(error_queue* errqueue, bitreader* br)
vui_parameters_present_flag = get_bits(br,1);
if (vui_parameters_present_flag) {
- vui.read(errqueue, br, this);
+ de265_error err = vui.read(errqueue, br, this);
+ if (err) {
+ return err;
+ }
}
meta-multimedia/recipes-multimedia/libde265/libde265_1.0.5.bb
+3 -1
View File
@@ -8,7 +8,9 @@ LICENSE = "LGPL-3.0-only & MIT"
LICENSE_FLAGS = "commercial" LICENSE_FLAGS = "commercial"
LIC_FILES_CHKSUM = "file://COPYING;md5=695b556799abb2435c97a113cdca512f" LIC_FILES_CHKSUM = "file://COPYING;md5=695b556799abb2435c97a113cdca512f"
SRC_URI = "https://github.com/strukturag/libde265/releases/download/v${PV}/${BPN}-${PV}.tar.gz" SRC_URI = "https://github.com/strukturag/libde265/releases/download/v${PV}/${BPN}-${PV}.tar.gz \
file://CVE-2022-1253.patch \
"
SRC_URI[sha256sum] = "e3f277d8903408615a5cc34718b391b83c97c646faea4f41da93bac5ee08a87f" SRC_URI[sha256sum] = "e3f277d8903408615a5cc34718b391b83c97c646faea4f41da93bac5ee08a87f"
EXTRA_OECONF = "--disable-sherlock265 --disable-dec265" EXTRA_OECONF = "--disable-sherlock265 --disable-dec265"