libde265: patch CVE-2022-1253

Details: https://nvd.nist.gov/vuln/detail/CVE-2022-1253 Pick the patch from the nvd report. The patch is only partially backported, because part of the vulnerable code was introuced only in a later version. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2025-11-28 21:18:32 +0100
committer: Gyorgy Sarvari <skandigraun@gmail.com> 2025-11-30 15:13:57 +0100
commit: 91c15953c0cde5fd07aeba7cbd953b00b91ea68b (patch)
tree: 4c92779da8597a2fb964153adf49313dbc89f6aa
parent: 7965aa07044022b3b4c8802bacdf5461c2000186 (diff)
download: meta-openembedded-91c15953c0cde5fd07aeba7cbd953b00b91ea68b.tar.gz
2 files changed, 37 insertions, 1 deletions
diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2022-1253.patch b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2022-1253.patch
new file mode 100644
index 0000000000..57c86101fe
--- /dev/null
+++ b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2022-1253.patch
@@ -0,0 +1,34 @@
+From 4dcc28a63e12a6cc8b99bc8e96c5c764fc7a8f1d Mon Sep 17 00:00:00 2001
+From: Dirk Farin <dirk.farin@gmail.com>
+Date: Tue, 5 Apr 2022 09:52:57 +0200
+Subject: [PATCH] error on out-of-range cpb_cnt_minus1 (oss-fuzz issue 27590)
+CVE: CVE-2022-1253
+Upstream-Status: Backport [https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8]
+This is a partial backport of the linked commit. The vulnerability impacted
+two parts of the code, however one part, which deals with HRD parameters
+was only introduced in a later version (1.0.8), and is not present in
+the Kirkstone version yet (1.0.5).
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ libde265/sps.cc | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+diff --git a/libde265/sps.cc b/libde265/sps.cc
+index 476cdbb..37bde7b 100644
+--- a/libde265/sps.cc
+++ b/libde265/sps.cc
+@@ -425,7 +425,10 @@ de265_error seq_parameter_set::read(error_queue* errqueue, bitreader* br)
+ 
+   vui_parameters_present_flag = get_bits(br,1);
+   if (vui_parameters_present_flag) {
+-    vui.read(errqueue, br, this);
+    de265_error err = vui.read(errqueue, br, this);
+    if (err) {
+      return err;
+    }
+   }
+ 
+ 
diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.5.bb b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.5.bb
index d0ecd04f16..a9d5523bb5 100644
--- a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.5.bb
+++ b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.5.bb
@@ -8,7 +8,9 @@ LICENSE = "LGPL-3.0-only & MIT"
 LICENSE_FLAGS = "commercial"
 LIC_FILES_CHKSUM = "file://COPYING;md5=695b556799abb2435c97a113cdca512f"
-SRC_URI = "https://github.com/strukturag/libde265/releases/download/v${PV}/${BPN}-${PV}.tar.gz"
+SRC_URI = "https://github.com/strukturag/libde265/releases/download/v${PV}/${BPN}-${PV}.tar.gz \
+           file://CVE-2022-1253.patch \
+           "
 SRC_URI[sha256sum] = "e3f277d8903408615a5cc34718b391b83c97c646faea4f41da93bac5ee08a87f"
 EXTRA_OECONF = "--disable-sherlock265 --disable-dec265"
author	Gyorgy Sarvari <skandigraun@gmail.com>	2025-11-28 21:18:32 +0100
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2025-11-30 15:13:57 +0100
commit	91c15953c0cde5fd07aeba7cbd953b00b91ea68b (patch)
tree	4c92779da8597a2fb964153adf49313dbc89f6aa
parent	7965aa07044022b3b4c8802bacdf5461c2000186 (diff)
download	meta-openembedded-91c15953c0cde5fd07aeba7cbd953b00b91ea68b.tar.gz

diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2022-1253.patch b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2022-1253.patch new file mode 100644 index 0000000000..57c86101fe --- /dev/null +++ b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2022-1253.patch
@@ -0,0 +1,34 @@
		1	From 4dcc28a63e12a6cc8b99bc8e96c5c764fc7a8f1d Mon Sep 17 00:00:00 2001
		2	From: Dirk Farin <dirk.farin@gmail.com>
		3	Date: Tue, 5 Apr 2022 09:52:57 +0200
		4	Subject: [PATCH] error on out-of-range cpb_cnt_minus1 (oss-fuzz issue 27590)
		5
		6	CVE: CVE-2022-1253
		7	Upstream-Status: Backport [https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8]
		8
		9	This is a partial backport of the linked commit. The vulnerability impacted
		10	two parts of the code, however one part, which deals with HRD parameters
		11	was only introduced in a later version (1.0.8), and is not present in
		12	the Kirkstone version yet (1.0.5).
		13
		14	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		15	---
		16	libde265/sps.cc \| 5 ++++-
		17	1 file changed, 4 insertions(+), 1 deletion(-)
		18
		19	diff --git a/libde265/sps.cc b/libde265/sps.cc
		20	index 476cdbb..37bde7b 100644
		21	--- a/libde265/sps.cc
		22	+++ b/libde265/sps.cc
		23	@@ -425,7 +425,10 @@ de265_error seq_parameter_set::read(error_queue* errqueue, bitreader* br)
		24
		25	vui_parameters_present_flag = get_bits(br,1);
		26	if (vui_parameters_present_flag) {
		27	- vui.read(errqueue, br, this);
		28	+ de265_error err = vui.read(errqueue, br, this);
		29	+ if (err) {
		30	+ return err;
		31	+ }
		32	}
		33
		34


diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.5.bb b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.5.bb index d0ecd04f16..a9d5523bb5 100644 --- a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.5.bb +++ b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.5.bb
@@ -8,7 +8,9 @@ LICENSE = "LGPL-3.0-only & MIT"
8	LICENSE_FLAGS = "commercial"	8	LICENSE_FLAGS = "commercial"
9	LIC_FILES_CHKSUM = "file://COPYING;md5=695b556799abb2435c97a113cdca512f"	9	LIC_FILES_CHKSUM = "file://COPYING;md5=695b556799abb2435c97a113cdca512f"
10		10
11	SRC_URI = "https://github.com/strukturag/libde265/releases/download/v${PV}/${BPN}-${PV}.tar.gz"	11	SRC_URI = "https://github.com/strukturag/libde265/releases/download/v${PV}/${BPN}-${PV}.tar.gz \
		12	file://CVE-2022-1253.patch \
		13	"
12	SRC_URI[sha256sum] = "e3f277d8903408615a5cc34718b391b83c97c646faea4f41da93bac5ee08a87f"	14	SRC_URI[sha256sum] = "e3f277d8903408615a5cc34718b391b83c97c646faea4f41da93bac5ee08a87f"
13		15
14	EXTRA_OECONF = "--disable-sherlock265 --disable-dec265"	16	EXTRA_OECONF = "--disable-sherlock265 --disable-dec265"