1 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47219.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47219.patch
new file mode 100644
index 0000000000..7e77a02642
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47219.patch
@@ -0,0 +1,40 @@
+From b80803943388050cb870c95934fc52feeffb94ac Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Sat, 3 May 2025 09:43:32 +0300
+Subject: [PATCH] qtdemux: Check if enough bytes are available for each stsd
+ entry
+There must be at least 8 bytes for the length / fourcc of each entry. After
+reading those, the length is already validated against the remaining available
+bytes.
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4407
+Fixes CVE-2025-47219
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9137>
+CVE: CVE-2025-47219
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/b80803943388050cb870c95934fc52feeffb94ac]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ gst/isomp4/qtdemux.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index 9844ac2..0a88fb9 100644
+--- a/gst/isomp4/qtdemux.c
+++ b/gst/isomp4/qtdemux.c
+@@ -11124,6 +11124,10 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak, guint32 * mvhd_matrix)
+     gchar *codec = NULL;
+     QtDemuxStreamStsdEntry *entry = &stream->stsd_entries[stsd_index];
+ 
+    /* needs at least length and fourcc */
+    if (remaining_stsd_len < 8)
+      goto corrupt_file;
+
+     /* and that entry should fit within stsd */
+     len = QT_UINT32 (stsd_entry_data);
+     if (len > remaining_stsd_len)
+-- 
+2.50.1

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47219.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47219.patch new file mode 100644 index 0000000000..7e77a02642 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47219.patch
@@ -0,0 +1,40 @@
	1	From b80803943388050cb870c95934fc52feeffb94ac Mon Sep 17 00:00:00 2001
	2	From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
	3	Date: Sat, 3 May 2025 09:43:32 +0300
	4	Subject: [PATCH] qtdemux: Check if enough bytes are available for each stsd
	5	entry
	6
	7	There must be at least 8 bytes for the length / fourcc of each entry. After
	8	reading those, the length is already validated against the remaining available
	9	bytes.
	10
	11	Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4407
	12	Fixes CVE-2025-47219
	13
	14	Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9137>
	15
	16	CVE: CVE-2025-47219
	17	Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/b80803943388050cb870c95934fc52feeffb94ac]
	18	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
	19	---
	20	gst/isomp4/qtdemux.c \| 4 ++++
	21	1 file changed, 4 insertions(+)
	22
	23	diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
	24	index 9844ac2..0a88fb9 100644
	25	--- a/gst/isomp4/qtdemux.c
	26	+++ b/gst/isomp4/qtdemux.c
	27	@@ -11124,6 +11124,10 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak, guint32 * mvhd_matrix)
	28	gchar *codec = NULL;
	29	QtDemuxStreamStsdEntry *entry = &stream->stsd_entries[stsd_index];
	30
	31	+ /* needs at least length and fourcc */
	32	+ if (remaining_stsd_len < 8)
	33	+ goto corrupt_file;
	34	+
	35	/* and that entry should fit within stsd */
	36	len = QT_UINT32 (stsd_entry_data);
	37	if (len > remaining_stsd_len)
	38	--
	39	2.50.1
	40