CVE-2023-40475
commit
1edd1c38dcc5d27e7c5649d999ee8278872a16d4
Author: Sebastian Dröge <sebastian@centricular.com>
Date: Thu Aug 10 15:47:03 2023 +0300
mxfdemux: Check number of channels for AES3 audio
Only up to 8 channels are allowed and using a higher number would cause
integer overflows when copying the data, and lead to out of bound
writes.
Also check that each buffer is at least 4 bytes long to avoid another
overflow.
Fixes ZDI-CAN-21661, CVE-2023-40475
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2897
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5365>
Gbp-Pq: Name CVE-2023-40475.patch
projects / gst-plugins-bad1.0.git / commit