GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on affected
installations of GStreamer. Interaction with this library is required to exploit this
vulnerability but attack vectors may vary depending on the implementation. The specific
flaw exists within the parsing of EXIF metadata. The issue results from the lack of
proper validation of user-supplied data, which can result in an integer overflow before
allocating a buffer. An attacker can leverage this vulnerability to execute code in the
context of the current process. . Was ZDI-CAN-23896.
(From OE-Core rev: 6708631c89d1cb0d7e0e1b888c51826b3939f8af)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Without a CVE tag, It will be recognised as Unpatched by cve_check task.
(From OE-Core rev: afc21d7fe86d26bf62e56fc611750f89fe73aa1a)
Signed-off-by: mark.yang <mark.yang@lge.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Without a CVE tag, It will be recognised as Unpatched by cve_check task.
(From OE-Core rev: ce4ac3d167496d2f3a3029ef83dc418a0794c2fb)
Signed-off-by: mark.yang <mark.yang@lge.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This is required by latest webkit when built with x11 support.
(From OE-Core rev: 024edebf6f722ae4d05411be348730d9eeb3bd7c)
(From OE-Core rev: 9fc0f0a15388af175bd53de5190801750064e60c)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add patch from libwebp 1.2.4 to fix CVE-2023-5129
(From OE-Core rev: 544301c63801cf0c0cfcc0c8d71bdd8e2de82805)
Signed-off-by: Colin McAllister <colinmca242@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
gst-plugins-bad: Heap-based buffer overflow in the MXF file demuxer when handling
malformed files with uncompressed video in GStreamer versions before 1.22.6
(From OE-Core rev: d0c8e2f78c8003ad383cc63cff32147156412650)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Buffer Overflow vulnerability in function bitwriter_grow_ in flac before
1.4.0 allows remote attackers to run arbitrary code via crafted input to
the encoder.
(From OE-Core rev: 29c6287287c9f26c1d6f9fddf8d2852409bbbbec)
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This release only contains bugfixes.
Highlighted bugfixes in 1.20.7:
Security fixes for flacparse, dvdspu, and subparse, and the RealMedia demuxer
h265parse: Fix framerate handling
filesink: Fix buffered mode writing of buffer lists and buffers with multiple memories
asfmux, rtpbin_buffer_list test: fix possible unaligned write/read on 32-bit ARM
ptp clock: Work around bug in ptpd in default configuration
qtdemux: fix reverse playback regression with edit lists
rtspsrc: various control path handling server compatibility improvements
avviddec: fix potential deadlock on seeking with FFmpeg 6.x
cerbero: Fix pango crash on 32bit Windows; move libass into non-GPL codecs
Miscellaneous bug fixes, memory leak fixes, and other stability and reliability improvements
https://nvd.nist.gov/vuln/detail/CVE-2023-37327https://nvd.nist.gov/vuln/detail/CVE-2023-37328https://nvd.nist.gov/vuln/detail/CVE-2023-37329https://gstreamer.freedesktop.org/releases/1.20/#1.20.7
(From OE-Core rev: c6b7492406540aca60dfd8c9913c7ac14fcc750f)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
libpng is a platform-independent library which
supports all PNG features.
This ptest executes the below binaries, parses
the png image and prints the image features.
1. pngfix - provides information about PNG image
copyrights details.
2. pngtest - tests, optimizes and optionally fixes
the zlib header in PNG files.
3. pngstest - verifies the integrity of PNG image by
dumping chunk level information.
4. timepng - provides details about PNG image chunks.
(From OE-Core rev: 2d58b38185ca7eed5d885b8d00ca549b57138554)
Signed-off-by: Nikhil R <nikhil.r@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changelog:
===========
audio: channel-mix: allow up to 64 channels instead of up to 63 channels
AOM AV1 encoder timestamp handling improvements
AV1 video codec caps handling improvements in aom plugin, isomp4 and matroska muxers/demuxers.
avvidenc: fix bitrate control and timestamps off FFmpeg-based video encoders
h264parse: fix missing timestamps on outputs when splitting a frame
rtspsrc: more workarounds for servers with broken control uri handling
playbin3: fix issue with UDP streams, making sure there's enough buffering
qmlglsrc: Fix deadlock when stopping and some other fixes
qtmux: fix default timescale unit for N/1001 framerates
v4l2h264dec: Fix Raspberry Pi4 will not play video in application
vtdec: Fix non-deterministic frame output after seeks
wasapi2src: Fix loopback capture on Windows 10 Anniversary Update
macOS, iOS: Fix Xcode 14 ABI breakage with older Xcode
cerbero: Fix some regressions for CentOS in the 1.20 branch
cerbero: Fix setuptools site.py breakage in Python 3.11
Fix gst-libav build against FFmpeg from git
gobject-introspection annotation fixes for bindings
Miscellaneous bug fixes, memory leak fixes, and other stability and reliability improvements
Performance improvements
(From OE-Core rev: 102c453668f71dd30c3f0f13502f0993a051d7fe)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and
other products, leaves stale hwaccel state in worker threads, which
allows attackers to trigger a use-after-free and execute arbitrary
code in some circumstances (e.g., hardware re-initialization upon a
mid-video SPS change when Direct3D11 is used).
(From OE-Core rev: 392f984ffd95bcd3ce4c364b40425e7808ca7719)
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
tiff-native otherwise falsely detects webp if its installed on build
host. This ensures deterministic behavior regardless of host.
(From OE-Core rev: dafd8cf38d6414ca3102695b5a55a8fd2718e584)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 718c44f282310b2ca85877fed706460ccc1eebea)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
avformat/nutdec: Add check for avformat_new_stream
Check for failure of avformat_new_stream() and propagate
the error code.
(From OE-Core rev: e17ddd0fafb562ed7ebe7708dac9bcef2d6cecc1)
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
===========
systemclock waiting fixes for certain 32-bit platforms/libcs
alphacombine: robustness improvements for corner case scenarios
avfvideosrc: Report latency when doing screen capture
d3d11videosink: various thread-safety and stability fixes
decklink: fix performance issue when HDMI signal has been lost for a long time
flacparse: Fix handling of headers advertising 32 bits per sample
mpegts: Handle when iconv doesn't support ISO 6937 (e.g. musl libc)
opengl: fix automatic dispmanx detection for rpi4 and fix usage of eglCreate/DestroyImage
opusdec: Various channel-related fixes
textrender: event handling fixes, esp. for GAP event
subparse: Fix non-closed tag handling
videoscale: fix handling of unknown buffer metas
videosink: reverse playback handling fixes
qtmux: Prefill mode fixes, especially for raw audio
multiudpsink: allow binding to IPv6 address
rtspsrc: Fix usage of IPv6 connections in SETUP
rtspsrc: Only EOS on timeout if all streams are timed out/EOS
splitmuxsrc: fix playback stall if there are unlinked pads
v4l2: Fix SIGSEGV on state change during format changes
wavparse robustness fixes
Fix static linking on macOS (opengl, vulkan)
gstreamer-vaapi: fix headless build against mesa >= 22.3.0
GStreamer Editing Services library: Fix build with tools disabled
webrtc example/demo fixes
unit test fixes for aesdec and rtpjitterbuffer
Cerbero: Fix ios cross-compile with cmake on M1; some recipe updates and other build fixes
Binary packages: pkg-config file fixes for various recipes (ffmpeg, taglib, gstreamer)
Binary packages: Enable high bitdepth support for libvpx (VP8/VP9 encoding/decoding)
Binary packages: ship aes plugin
Miscellaneous bug fixes, memory leak fixes, and other stability and reliability improvements
Performance improvements
(From OE-Core rev: e9a05c026c6b1f39c4413abea9912542aa608cbe)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit fd8ab6052d88120c58cf84ad7d77d60c12ef3b8a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
* Changed the error handler of oversized chunks (i.e. larger than
PNG_USER_CHUNK_MALLOC_MAX) from png_chunk_error to png_benign_error.
* Fixed a buffer overflow error in contrib/tools/pngfix.
* Fixed a memory leak (CVE-2019-6129) in contrib/tools/pngcp.
* Disabled the ARM Neon optimizations by default in the CMake file,
following the default behavior of the configure script.
* Allowed configure.ac to work with the trunk version of autoconf.
* Removed the support for "install" targets from the legacy makefiles;
removed the obsolete makefile.cegcc.
* Cleaned up the code and updated the internal documentation.
(From OE-Core rev: 63725065af4c74a352984cfe7563e4099199d24d)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 19799cb50a00561b318cba1c8c20737f20e4a47f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The fourth 1.20 bug-fix release (1.20.4) was released on 12 October 2022.
This release only contains bugfixes and it should be safe to upgrade from 1.20.x.
Highlighted bugfixes in 1.20.4
- avaudiodec: fix playback issue with WMA files, would throw an error at EOS with FFmpeg 5.x
- Fix deadlock when loading gst-editing-services plugin
- Fix input buffering capacity in live mode for aggregator, video/audio aggregator subclasses, muxers
- glimagesink: fix crash on Android
- subtitle handling and subtitle overlay fixes
- matroska-mux: allow width + height changes for avc3|hev1|vp8|vp9
- rtspsrc: fix control url handling for spec compliant servers and add fallback for incompliant servers
- WebRTC fixes
- RTP retransmission fixes
- video: fixes for formats with 4x subsampling and horizontal co-sited chroma (Y41B, YUV9, YVU9 and IYU9)
- macOS build and packaging fixes, in particular fix finding of gio modules on macOS for https/TLS support
- Fix consuming of the macOS package as a framework in XCode
- Performance improvements
- Miscellaneous bug fixes, memory leak fixes, and other stability and reliability improvements
(From OE-Core rev: cb8842b09959f4eefdc7d638a435db4361fd2441)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 58e4825328dafd7f593d9eb42be5506408627a31)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function
smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The
manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely.
The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to
fix this issue. The identifier of this vulnerability is VDB-213544.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-3965
Upstream Fix:
https://github.com/FFmpeg/FFmpeg/commit/13c13109759090b7f7182480d075e13b36ed8edd
(From OE-Core rev: c1f1ab29b5e2911a15b072e7feb0133320bad976)
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Siddharth Doshi
Archana Polampalli
Vijay Anusuri
Lee Chee Yang
Yogita Urade
mark.yang
Alexander Kanavin
Vivek Kumbhar
Soumya Sambu
Hitendra Prajapati
Colin McAllister
Meenali Gupta
Narpat Mali
Nikhil R
Pablo Saavedra
Pawan Badganchi
Khem Raj
Martin Jansa
Jose Quaresma
Wang Mingyu
Qiu, Zheng
Ross Burton