dgit.raspbian.org Git - gst-plugins-bad1.0.git/commit

CVE-2023-40476

commit fddda166222a067d0e511950a0a8cfb9f5a521b7
Author: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Date:   Wed Aug 9 12:49:19 2023 -0400

    h265parser: Fix possible overflow using max_sub_layers_minus1

    This fixes a possible overflow that can be triggered by an invalid value of
    max_sub_layers_minus1 being set in the bitstream. The bitstream uses 3 bits,
    but the allowed range is 0 to 6 only.

    Fixes ZDI-CAN-21768, CVE-2023-40476

    Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2895

    Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5366>

Gbp-Pq: Name CVE-2023-40476.patch

author	Maintainers of GStreamer packages <gst-plugins-bad1.0@packages.debian.org>
	Fri, 27 Oct 2023 20:55:02 +0000 (22:55 +0200)
committer	Thorsten Alteholz <debian@alteholz.de>
	Fri, 27 Oct 2023 20:55:02 +0000 (22:55 +0200)
commit	3b37aabe0e9dbafca04c18f5141879e0286b2749
tree	f65d7d543057d3e2b4210ee745f4a2801cb3aec6	tree \| snapshot
parent	1f9bbfb926a2aa7e3089c714a9cc27613fa348af	commit \| diff