Univention Bugzilla – Bug 55594
libde265: Multiple issues (5.0)
Last modified: 2023-01-25 12:47:58 CET
New Debian libde265 1.0.3-1+deb10u3 fixes:

This update addresses the following issues:

* libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted file. (CVE-2020-21596)
* libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted file. (CVE-2020-21597)
* libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted file. (CVE-2020-21598)
* Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43235)
* Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43236)
* Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43237)
* Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43238)
* Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43239)
* Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43240)
* Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43241)
* Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43242)
* Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43243)
* Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43244)
* Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43245)
* Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43248)
* Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43249)
* Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43250)
* Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43252)
* Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43253)
* Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short> (CVE-2022-47655)
--- mirror/ftp/pool/main/libd/libde265/libde265_1.0.3-1+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/libde265_1.0.3-1+deb10u3.dsc 
@@ -1,8 +1,42 @@ +1.0.3-1+deb10u3 [Tue, 24 Jan 2023 22:39:16 +0100] Tobias Frost <tobi@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * Source-only upload. (Last upload was accidentially a binary-upload) + +1.0.3-1+deb10u2 [Tue, 24 Jan 2023 21:42:47 +0100] Tobias Frost <tobi@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * Add patches: + - reject_reference_pics_from_different_sps.patch + - use_sps_from_the_image.patch + - recycle_sps_if_possible.patch + * Cherry-pick additional patches from upstream: + check-4-negative-Q-value.patch + CVE-2022-43245-fix-asan-wildpointer-apply_sao_internal.patch + * Add patch "fix-invalid-memory-access.patch" to avoid out-of-bound + array access leading to crashes. + * Add patch CVE-2020-21596-global-buffer-overflow.patch + * Add patch to avoid use-after-free problems. + * Cumulative, the patches are fixing: + CVE-2020-21596, CVE-2020-21597, CVE-2020-21598, CVE-2022-43235, + CVE-2022-43236, CVE-2022-43237, CVE-2022-43238, CVE-2022-43239, + CVE-2022-43240, CVE-2022-43241, CVE-2022-43242, CVE-2022-43243, + CVE-2022-43244, CVE-2022-43245, CVE-2022-43248, CVE-2022-43249, + CVE-2022-43250, CVE-2022-43252, CVE-2022-43253, CVE-2022-47655. + (Closes: #1029357, #1029397, #1025816, #1027179) + * Amend changelog of 1.0.3-1+deb10u1, as it turned out that the + fix for CVE 2020-51999 and CVE 2021-36408 fixed other issues too. + 1.0.3-1+deb10u1 [Thu, 15 Dec 2022 17:40:12 +0100] Tobias Frost <tobi@debian.org>: * Non-maintainer upload by the LTS Security Team. 
* Cherry-pick upstream patches for: - - CVE-2020-21599 (See #1014999) + - CVE-2020-21599 (Closes #1014999) - CVE-2021-35452, CVE-2021-36408, CVE-2021-36409, CVE-2021-36410 and - CVE-2021-36411 (Closes: 1014977) + CVE-2021-36411 (Closes: #1014977) + * The fix for CVE-2020-21599 also fixed: + CVE-2020-21595, CVE-2020-21600, CVE-2020-21601, CVE-2020-21602, + CVE-2020-21603, CVE-2020-21604, CVE-2020-21605, CVE-2020-21606 + * The fix for CVE-2021-36408 also fixed: + CVE-2020-21597, CVE-2020-21598. (Closes: #1004963) <http://piuparts.knut.univention.de/5.0-2/#4631787962763614262>
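Review bot: The last bullet of the added 1.0.3-1+deb10u2 entry cites "CVE 2020-51999 and CVE 2021-36408", but no other line of this changelog mentions CVE-2020-51999; the amended 1.0.3-1+deb10u1 entry credits the extra fixes to CVE-2020-21599, so this reads as a typo for that ID. Both IDs on that line are also written without the hyphen after "CVE", so a search for the CVE-YYYY-NNNN form used everywhere else in the entry will miss them. Two smaller points in the same hunk: "Add patch to avoid use-after-free problems." is the only patch bullet that does not name its patch file, which makes it hard to map the claimed fix to a file in debian/patches, and "accidentially" in the 1.0.3-1+deb10u3 entry should be "accidentally". Since CVE-2020-21597 and CVE-2020-21598 now appear both in the u2 cumulative list and under "The fix for CVE-2021-36408 also fixed" in u1, it would help to state in which upload they were actually closed.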
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-2] 5f39b7436d Bug #55594: libde265 1.0.3-1+deb10u3
 doc/errata/staging/libde265.yaml | 111 ++++++++++++++-------------------------
 1 file changed, 39 insertions(+), 72 deletions(-)

[5.0-2] a94ff354a7 Bug #55594: libde265 1.0.3-1+deb10u3
 doc/errata/staging/libde265.yaml | 103 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 103 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x549>