Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
0001-avidemux-Fix-integer-overflow-resulting-in-heap-corr.patch | [PATCH] avidemux: Fix integer overflow resulting in heap corruption in DIB buffer inversion code. Check that width*bpp/8 doesn't overflow a guint and also that height*stride fits into the provided buffer without overflowing. Thanks to Adam Doupe for analyzing and reporting the issue. See https://gstreamer.freedesktop.org/security/sa-2022-0001.html Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1224 | Sebastian Dröge <sebastian@centricular.com> | no | | | 2022-05-18 |
0001-matroskademux-Avoid-integer-overflow-resulting-in-he.patch | [PATCH] matroskademux: Avoid integer-overflow resulting in heap corruption in WavPack header handling code. blocksize + WAVPACK4_HEADER_SIZE might overflow gsize, which then results in allocating a very small buffer. Into that buffer blocksize data is memcpy'd later which then causes out of bound writes and can potentially lead to anything from crashes to remote code execution. Thanks to Adam Doupe for analyzing and reporting the issue. https://gstreamer.freedesktop.org/security/sa-2022-0004.html Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226 | Sebastian Dröge <sebastian@centricular.com> | no | | | 2022-05-18 |
0001-matroskademux-Fix-integer-overflows-in-zlib-bz2-etc-.patch | [PATCH] matroskademux: Fix integer overflows in zlib/bz2/etc decompression code. Various variables were of smaller types than needed and there were no checks for any overflows when doing additions on the sizes. This is all checked now. In addition the size of the decompressed data is limited to 120MB now as any larger sizes are likely pathological and we can avoid out of memory situations in many cases like this. Also fix a bug where the available output size on the next iteration in the zlib/bz2 decompression code was provided too large and could potentially lead to out of bound writes. Thanks to Adam Doupe for analyzing and reporting the issue. https://gstreamer.freedesktop.org/security/sa-2022-0002.html Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 | Sebastian Dröge <sebastian@centricular.com> | no | | | 2022-05-18 |
0001-qtdemux-Fix-integer-overflows-in-zlib-decompression-.patch | [PATCH] qtdemux: Fix integer overflows in zlib decompression code. Various variables were of smaller types than needed and there were no checks for any overflows when doing additions on the sizes. This is all checked now. In addition the size of the decompressed data is limited to 200MB now as any larger sizes are likely pathological and we can avoid out of memory situations in many cases like this. Also fix a bug where the available output size on the next iteration in the zlib decompression code was provided too large and could potentially lead to out of bound writes. Thanks to Adam Doupe for analyzing and reporting the issue. https://gstreamer.freedesktop.org/security/sa-2022-0003.html Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 | Sebastian Dröge <sebastian@centricular.com> | no | | | 2022-05-30 |
GST-2023-0001.patch | | | no | | | |