CVE-2023-40474
author Maintainers of GStreamer packages <gst-plugins-bad1.0@packages.debian.org>
Fri, 27 Oct 2023 20:55:02 +0000 (22:55 +0200)
committer Thorsten Alteholz <debian@alteholz.de>
Fri, 27 Oct 2023 20:55:02 +0000 (22:55 +0200)
commit 46562b77e9eb53e4fe536f759ad253d85c1def80
tree 3ceed67c1cafd3dc7a348bbe4ce87cfa8929b980
parent 17c3415b9c0b8dc46ed039d9e250f0c8376496f2
CVE-2023-40474

commit f73fc41f2ca6a0cd4e883aee64bf8e1c15ff68ce
Author: Sebastian Dröge <sebastian@centricular.com>
Date:   Thu Aug 10 15:45:01 2023 +0300

    mxfdemux: Fix integer overflow causing out of bounds writes when handling invalid uncompressed video

    Check ahead of time when parsing the track information whether
    width, height and bpp are valid and usable without overflows.

    Fixes ZDI-CAN-21660, CVE-2023-40474

    Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2896

    Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5365>

Gbp-Pq: Name CVE-2023-40474.patch
gst/mxf/mxfup.c
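
The kind of ahead-of-time check the commit message describes, as an added example that is not the GStreamer patch or any code from gst/mxf/mxfup.c. The helper names, the 32-bit field widths, whole-byte pixels and 4-byte row padding are assumptions made for illustration; the sample dimensions are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* What unchecked 32-bit arithmetic yields for a row: wraps silently. */
static uint32_t unchecked_row_bytes(uint32_t width, uint32_t bpp)
{
    return width * (bpp / 8);
}

/* Hypothetical helper (not GStreamer code). Assumes whole-byte pixels and
 * rows padded to 4 bytes. Returns false instead of producing a wrapped size. */
static bool checked_frame_size(uint32_t width, uint32_t height, uint32_t bpp,
                               uint32_t *row_bytes, uint32_t *frame_bytes)
{
    if (width == 0 || height == 0 || bpp == 0 || bpp % 8 != 0)
        return false;

    uint32_t bytes_per_pixel = bpp / 8;

    /* width * bytes_per_pixel + 3 must not exceed UINT32_MAX. */
    if (width > (UINT32_MAX - 3) / bytes_per_pixel)
        return false;
    uint32_t stride = (width * bytes_per_pixel + 3) & ~(uint32_t)3;

    /* stride * height must not exceed UINT32_MAX. */
    if (height > UINT32_MAX / stride)
        return false;

    *row_bytes = stride;
    *frame_bytes = stride * height;
    return true;
}

int main(void)
{
    /* Constructed sample values, not taken from any real file. */
    uint32_t dims[][3] = { {1920, 1080, 24}, {0x40000001u, 4, 32}, {65536, 65536, 8} };
    for (size_t i = 0; i < sizeof dims / sizeof dims[0]; i++) {
        uint32_t row = 0, frame = 0;
        bool ok = checked_frame_size(dims[i][0], dims[i][1], dims[i][2], &row, &frame);
        printf("%ux%u@%u: unchecked row=%u, %s (row=%u frame=%u)\n",
               dims[i][0], dims[i][1], dims[i][2],
               unchecked_row_bytes(dims[i][0], dims[i][2]),
               ok ? "accepted" : "rejected", row, frame);
    }
    return 0;
}
```

The second sample shows why the check has to happen before any buffer is sized: the unchecked row length wraps to 4 bytes, so a buffer allocated from it would be far smaller than the data later written per row.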