From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 06/19] gstreamer1.0-plugins-good: Fix CVE-2024-47606
Date: Tue, 7 Jan 2025 10:08:24 -0800 [thread overview]
Message-ID: <4c138c3c04f856b100ce2c8e8e96025edde4c841.1736273200.git.steve@sakoman.com> (raw)
In-Reply-To: <cover.1736273200.git.steve@sakoman.com>
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../CVE-2024-47606.patch | 44 +++++++++++++++++++
.../gstreamer1.0-plugins-good_1.20.7.bb | 1 +
2 files changed, 45 insertions(+)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47606.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47606.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47606.patch
new file mode 100644
index 0000000000..fe4bdc8802
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47606.patch
@@ -0,0 +1,44 @@
+From f8e398c46fc074f266edb3f20479c0ca31b52448 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 26 Sep 2024 22:16:06 +0300
+Subject: [PATCH] qtdemux: Avoid integer overflow when parsing Theora extension
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-166
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3851
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f8e398c46fc074f266edb3f20479c0ca31b52448]
+CVE: CVE-2024-47606
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ subprojects/gst-plugins-good/gst/isomp4/qtdemux.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/subprojects/gst-plugins-good/gst/isomp4/qtdemux.c b/subprojects/gst-plugins-good/gst/isomp4/qtdemux.c
+index 5e3cb1b9e699..c2d8b5e0f134 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -8822,7 +8822,7 @@ qtdemux_parse_theora_extension (GstQTDemux * qtdemux, QtDemuxStream * stream,
+ end -= 8;
+
+ while (buf < end) {
+- gint size;
++ guint32 size;
+ guint32 type;
+
+ size = QT_UINT32 (buf);
+@@ -8830,7 +8830,7 @@ qtdemux_parse_theora_extension (GstQTDemux * qtdemux, QtDemuxStream * stream,
+
+ GST_LOG_OBJECT (qtdemux, "%p %p", buf, end);
+
+- if (buf + size > end || size <= 0)
++ if (end - buf < size || size < 8)
+ break;
+
+ buf += 8;
+--
+GitLab
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.7.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.7.bb
index f57797d236..ab14dea58d 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.7.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.7.bb
@@ -27,6 +27,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go
file://CVE-2024-47540_47601_47602_47603_47834-5.patch \
file://CVE-2024-47540_47601_47602_47603_47834-6.patch \
file://CVE-2024-47540_47601_47602_47603_47834-7.patch \
+ file://CVE-2024-47606.patch \
"
SRC_URI[sha256sum] = "599f093cc833a1e346939ab6e78a3f8046855b6da13520aae80dd385434f4ab2"
--
2.43.0
next prev parent reply other threads:[~2025-01-07 18:09 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-07 18:08 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
2025-01-07 18:08 ` [OE-core][kirkstone 01/19] gstreamer1.0-plugins-base: Fix for multiple CVE's Steve Sakoman
2025-01-07 18:08 ` [OE-core][kirkstone 02/19] gstreamer1.0: Backport fix for CVE-2024-47606 Steve Sakoman
2025-01-07 18:08 ` [OE-core][kirkstone 03/19] gstreamer1.0-plugins-good: fix several CVE's Steve Sakoman
2025-01-07 18:08 ` [OE-core][kirkstone 04/19] gstreamer1.0-plugins-good: Fix for CVE-2024-47599 Steve Sakoman
2025-01-07 18:08 ` [OE-core][kirkstone 05/19] gstreamer1.0-plugins-good: Fix multiple CVEs Steve Sakoman
2025-01-07 18:08 ` Steve Sakoman [this message]
2025-01-07 18:08 ` [OE-core][kirkstone 07/19] gstreamer1.0-plugins-good: Fix CVE-2024-47613 Steve Sakoman
2025-01-07 18:08 ` [OE-core][kirkstone 08/19] gstreamer1.0-plugins-good: Fix CVE-2024-47774 Steve Sakoman
2025-01-07 18:08 ` [OE-core][kirkstone 09/19] gstreamer1.0-plugins-good: Fix multiple CVE's Steve Sakoman
2025-01-07 18:08 ` [OE-core][kirkstone 10/19] linux-yocto/5.15: update to v5.15.167 Steve Sakoman
2025-01-07 18:08 ` [OE-core][kirkstone 11/19] linux-yocto/5.10: update to v5.10.226 Steve Sakoman
2025-01-07 18:24 ` Patchtest results for " patchtest
2025-01-07 18:08 ` [OE-core][kirkstone 12/19] linux-yocto/5.10: update to v5.10.227 Steve Sakoman
2025-01-07 18:08 ` [OE-core][kirkstone 13/19] linux-yocto/5.15: update to v5.15.168 Steve Sakoman
2025-01-07 18:08 ` [OE-core][kirkstone 14/19] linux-yocto/5.15: update to v5.15.169 Steve Sakoman
2025-01-07 18:08 ` [OE-core][kirkstone 15/19] linux-yocto/5.15: update to v5.15.170 Steve Sakoman
2025-01-07 18:08 ` [OE-core][kirkstone 16/19] linux-yocto/5.15: update to v5.15.171 Steve Sakoman
2025-01-07 18:08 ` [OE-core][kirkstone 17/19] linux-yocto/5.15: update to v5.15.173 Steve Sakoman
2025-01-07 18:08 ` [OE-core][kirkstone 18/19] linux-yocto/5.15: update to v5.15.174 Steve Sakoman
2025-01-07 18:08 ` [OE-core][kirkstone 19/19] linux-yocto/5.15: update to v5.15.175 Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4c138c3c04f856b100ce2c8e8e96025edde4c841.1736273200.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox