Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
02_opencv-data-path.patch | =================================================================== | no | ||||
0001-h2645parser-Catch-overflows-in-AVC-HEVC-NAL-unit-length.patch | [PATCH] h2645parser: Catch overflows in AVC/HEVC NAL unit length calculations Offset and size are stored as 32 bit guint and might overflow when adding the nal_length_size, so let's avoid that. For the size this would happen if the AVC/HEVC NAL unit size happens to be stored in 4 bytes and is 4294967292 or higher, which is likely corrupted data anyway. For the offset this is something for the caller of these functions to take care of but is unlikely to happen as it would require parsing on a >4GB buffer. Allowing these overflows causes all kinds of follow-up bugs in the h2645parse elements, ranging from infinite loops and memory leaks to potential memory corruptions. |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | 2021-03-23 | ||
GST-2023-0003.patch | no | |||||
h265parser-Fix-possible-overflow-using-max_sub_layer.patch | h265parser: Fix possible overflow using max_sub_layers_minus1 This fixes a possible overflow that can be triggered by an invalid value of max_sub_layers_minus1 being set in the bitstream. The bitstream uses 3 bits, but the allowed range is 0 to 6 only. Fixes ZDI-CAN-21768, CVE-2023-40476 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2895 |
Nicolas Dufresne <nicolas.dufresne@collabora.com> | no | debian | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fddda166222a067d0e511950a0a8cfb9f5a521b7 | 2023-08-09 |
mxfdemux-Fix-integer-overflow-causing-out-of-bounds-.patch | mxfdemux: Fix integer overflow causing out of bounds writes when handling invalid uncompressed video Check ahead of time when parsing the track information whether width, height and bpp are valid and usable without overflows. Fixes ZDI-CAN-21660, CVE-2023-40474 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2896 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | debian | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f73fc41f2ca6a0cd4e883aee64bf8e1c15ff68ce | 2023-08-10 |
mxfdemux-Check-number-of-channels-for-AES3-audio.patch | mxfdemux: Check number of channels for AES3 audio Only up to 8 channels are allowed and using a higher number would cause integer overflows when copying the data, and lead to out of bound writes. Also check that each buffer is at least 4 bytes long to avoid another overflow. Fixes ZDI-CAN-21661, CVE-2023-40475 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2897 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | debian | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1edd1c38dcc5d27e7c5649d999ee8278872a16d4 | 2023-08-10 |
codecparsers-av1-Clip-max-tile-rows-and-cols-values.patch | codecparsers: av1: Clip max tile rows and cols values Clip tile rows and cols to 64 as describe in AV1 specification. Fixes ZDI-CAN-22226 / CVE-2023-44429 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3015 |
Benjamin Gaignard <benjamin.gaignard@collabora.com> | no | debian | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/b76a801f57353b893c344025cac56413140fca6d | 2023-10-04 |
mxfdemux-Store-GstMXFDemuxEssenceTrack-in-their-own-.patch | mxfdemux: Store GstMXFDemuxEssenceTrack in their own fixed allocation Previously they were stored inline inside a GArray, but as references to the tracks were stored in various other places although the array could still be updated (and reallocated!), this could lead to dangling references in various places. Instead now store them in a GPtrArray in their own allocation so each track's memory position stays fixed. Fixes ZDI-CAN-22299 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3055 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | debian | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/7dfaa57b6f9b55f17ffe824bd8988bb71ae11353 | 2023-10-20 |
av1parser-Fix-potential-stack-overflow-during-tile-l.patch | av1parser: Fix potential stack overflow during tile list parsing The tile_count_minus_1 must be less than or equal to 511 as specified in spec "6.11.1 General tile list OBU semantics" Fixes #3214 / CVE-2024-0444 / ZDI-CAN-22873 |
Seungha Yang <seungha@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/394d5066f8a7b728df02fe9084e955b2f7d7f6fe | 2024-01-10 |