-
-
Notifications
You must be signed in to change notification settings - Fork 455
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Heap-buffer-overflow in fallback-motion.cc: in void put_qpel_fallback<unsigned short> #342
Labels
Comments
coldtobi
pushed a commit
to coldtobi/libde265
that referenced
this issue
Dec 12, 2022
See strukturag#345 for my analysis and details… (This PR is just for discussion.) (The CVE references are obtained from the Debian security tracker, which links the issues.) This makes the following POCs stop failing: - poc3 (strukturag#337) - poc7-1 (strukturag#341) CVE-2022-43239 (note: does NOT fix poc7-2) - poc8-2, poc8-3, poc8-4 (strukturag#342) CVE-2022-43244 (note: does NOT fix poc8-1) - poc11-1, poc11-2 (strukturag#345) CVE-2022-43249 - poc12 (strukturag#346) - poc13 (strukturag#347) CVE-2022-43252 - poc16 (strukturag#350)
This was referenced Dec 12, 2022
According to Debian this is CVE-2022-43244 |
coldtobi
pushed a commit
to coldtobi/libde265
that referenced
this issue
Dec 12, 2022
(as e.g mc_chroma is using the sps to determine picture properties, like pic_width_in_luma_samples and pic_height_in_luma_samples, I *think* this is more correct. This PR is for discussion. (See strukturag#345.) It makes the failures go away, but that does not mean it's correct :) The following poc will be stop failing if (only) this patch is applied: - poc2 strukturag#336 - CVE-2022-43238 - poc4 strukturag#338 - CVE-2022-43241 - poc6-1, poc6-2 strukturag#340 - CVE-2022-43242 - poc7-1, poc7-2 strukturag#341 - CVE-2022-43239 - poc8-1 strukturag#342 - CVE-2022-43244 - poc9-3 strukturag#343 - CVE-2022-43236 - poc10-2, poc10-3 strukturag#344 - CVE-2022-43237 - poc16 strukturag#350 - poc19 strukturag#353 The following are still failing if only this patch is applied, but they stop failing if strukturag#365 is applied as well, but will still fail with ONLY strukturag#365 applied (IOW, both are needed) - poc1 strukturag#335 - CVE-2022-43240 - poc3 strukturag#337 - CVE-2022-43235 - poc5 strukturag#339 - CVE-2022-43423 - poc9-1,poc9-2, poc9-4 strukturag#343 - CVE-2022-43236 - poc14 strukturag#348 - CVE-2022-43253 - poc15 strukturag#349 - CVE-2022-43248 - poc17-1, poc17-2 strukturag#351 - poc18 strukturag#352 - CVE-2022-43245
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Heap-buffer-overflow (/libde265/build/libde265/liblibde265.so+0x14b860) in void put_qpel_fallback(short*, long, unsigned short const*, long, int, int, short*, int, int, int)
Version
Replay
ASAN
POC
https://github.com/FDU-Sec/poc/blob/main/libde265/poc8-1
https://github.com/FDU-Sec/poc/blob/main/libde265/poc8-2
https://github.com/FDU-Sec/poc/blob/main/libde265/poc8-3
https://github.com/FDU-Sec/poc/blob/main/libde265/poc8-4
Environment
Credit
Peng Deng (Fudan University)
The text was updated successfully, but these errors were encountered: