CVE-2023-40474
author Maintainers of GStreamer packages <gst-plugins-bad1.0@packages.debian.org>
Sun, 26 Nov 2023 20:55:02 +0000 (22:55 +0200)
committer Thorsten Alteholz <debian@alteholz.de>
Sun, 26 Nov 2023 20:55:02 +0000 (22:55 +0200)
commit 54eda4aa0cba7027d8a066344372d9da1db5fa6f
tree fcf66ada6e3830da58a324178bfa11135a292477
parent 10bcc915535e1e474016a7841f986a3959e17b00
CVE-2023-40474

commit f73fc41f2ca6a0cd4e883aee64bf8e1c15ff68ce
Author: Sebastian Dröge <sebastian@centricular.com>
Date:   Thu Aug 10 15:45:01 2023 +0300

    mxfdemux: Fix integer overflow causing out of bounds writes when handling invalid uncompressed video

    Check ahead of time when parsing the track information whether
    width, height and bpp are valid and usable without overflows.

    Fixes ZDI-CAN-21660, CVE-2023-40474

    Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2896

    Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5365>

Gbp-Pq: Name CVE-2023-40474.patch
gst/mxf/mxfup.c
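
The commit message above describes checking width, height and bpp ahead of time so that sizes derived from them cannot overflow. The following C example is added here to illustrate that kind of check and is not the GStreamer patch or code from this page; the function names, the 32-bit types, bpp as bytes per pixel and the 4-byte row padding are assumptions, and the sample dimensions are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not GStreamer code). Assumes bpp is bytes per pixel
 * and rows are padded to a multiple of 4 bytes. Returns 0 and fills the
 * outputs only if no intermediate product wraps a 32-bit unsigned value. */
static int
checked_frame_size (uint32_t width, uint32_t height, uint32_t bpp,
    uint32_t *stride_out, uint32_t *size_out)
{
  uint32_t row, stride;

  if (width == 0 || height == 0 || bpp == 0)
    return -1;
  if (width > UINT32_MAX / bpp)         /* width * bpp would wrap */
    return -1;
  row = width * bpp;
  if (row > UINT32_MAX - 3)             /* rounding up to 4 would wrap */
    return -1;
  stride = (row + 3) & ~(uint32_t) 3;
  if (height > UINT32_MAX / stride)     /* stride * height would wrap */
    return -1;
  *stride_out = stride;
  *size_out = stride * height;
  return 0;
}

/* Same arithmetic with no checks: the result silently wraps modulo 2^32,
 * so a buffer sized from it can be far smaller than the rows written. */
static uint32_t
unchecked_frame_size (uint32_t width, uint32_t height, uint32_t bpp)
{
  uint32_t stride = (width * bpp + 3) & ~(uint32_t) 3;
  return stride * height;
}

int
main (void)
{
  uint32_t stride = 0, size = 0;
  /* Constructed sample dimensions: one sane, one that overflows. */
  int ok = checked_frame_size (1920, 1080, 3, &stride, &size);
  printf ("1920x1080x3: rc=%d stride=%u size=%u\n", ok,
      (unsigned) stride, (unsigned) size);
  printf ("65536x65536x4 unchecked size=%u, checked rc=%d\n",
      (unsigned) unchecked_frame_size (65536, 65536, 4),
      checked_frame_size (65536, 65536, 4, &stride, &size));
  return 0;
}
```

Rejecting the track when the check fails, before any buffer is allocated or written, keeps later per-frame code from relying on a wrapped size.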