heap-buffer-overflow (libde265/build/libde265/libde265.so+0x2b6bbb) in ff_hevc_put_hevc_qpel_pixels_8_sse(short*, long, unsigned char const*, long, int, int, short*) #368
Comments
@xidoo123 is there a CVE associated with this report?
Not yet
When applying #366, ASan is happy.
Does not segfault anymore with the recent fixes (current: 9737c3e).
Assertions will not be available in release builds, so this will still trigger the overflow. Even if it would assert, you could cause a service to core dump by uploading such a file, leading to a denial of service. IMHO it would be better to handle this more gracefully.
The assertion disappeared with 5583f98. Apparently, it was triggered by my debug output only...
The Debian security tracker thinks this is: CVE-2022-47664
according to commits linked here: strukturag/libde265#368
Description
heap-buffer-overflow (libde265/build/libde265/libde265.so+0x2b6bbb) in ff_hevc_put_hevc_qpel_pixels_8_sse(short*, long, unsigned char const*, long, int, int, short*)
Version info
Reproduce
ASAN
POC
660.zip
Impact
Potentially causing DoS and RCE
Credit
Xdchase