diff options
Diffstat (limited to 'meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47219.patch')
| -rw-r--r-- | meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47219.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47219.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47219.patch new file mode 100644 index 0000000000..7e77a02642 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47219.patch | |||
| @@ -0,0 +1,40 @@ | |||
| 1 | From b80803943388050cb870c95934fc52feeffb94ac Mon Sep 17 00:00:00 2001 | ||
| 2 | From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | ||
| 3 | Date: Sat, 3 May 2025 09:43:32 +0300 | ||
| 4 | Subject: [PATCH] qtdemux: Check if enough bytes are available for each stsd | ||
| 5 | entry | ||
| 6 | |||
| 7 | There must be at least 8 bytes for the length / fourcc of each entry. After | ||
| 8 | reading those, the length is already validated against the remaining available | ||
| 9 | bytes. | ||
| 10 | |||
| 11 | Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4407 | ||
| 12 | Fixes CVE-2025-47219 | ||
| 13 | |||
| 14 | Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9137> | ||
| 15 | |||
| 16 | CVE: CVE-2025-47219 | ||
| 17 | Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/b80803943388050cb870c95934fc52feeffb94ac] | ||
| 18 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
| 19 | --- | ||
| 20 | gst/isomp4/qtdemux.c | 4 ++++ | ||
| 21 | 1 file changed, 4 insertions(+) | ||
| 22 | |||
| 23 | diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c | ||
| 24 | index 9844ac2..0a88fb9 100644 | ||
| 25 | --- a/gst/isomp4/qtdemux.c | ||
| 26 | +++ b/gst/isomp4/qtdemux.c | ||
| 27 | @@ -11124,6 +11124,10 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak, guint32 * mvhd_matrix) | ||
| 28 | gchar *codec = NULL; | ||
| 29 | QtDemuxStreamStsdEntry *entry = &stream->stsd_entries[stsd_index]; | ||
| 30 | |||
| 31 | + /* needs at least length and fourcc */ | ||
| 32 | + if (remaining_stsd_len < 8) | ||
| 33 | + goto corrupt_file; | ||
| 34 | + | ||
| 35 | /* and that entry should fit within stsd */ | ||
| 36 | len = QT_UINT32 (stsd_entry_data); | ||
| 37 | if (len > remaining_stsd_len) | ||
| 38 | -- | ||
| 39 | 2.50.1 | ||
| 40 | |||
