helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-02 02:49:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

libebml: patch CVE-2015-8791

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2015-8791

Backport the patch that is referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari 2026-02-13 16:42:26 +01:00
parent d27a3be1f6
commit 122941ea98
2 changed files with 34 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
meta-multimedia/recipes-mkv/libebml/libebml/CVE-2015-8791.patch Normal file
View File

@ -0,0 +1,29 @@
From 22b87d8217606d891e73fc59a598bae830e61d65 Mon Sep 17 00:00:00 2001
From: Moritz Bunkus <moritz@bunkus.org>
Date: Tue, 20 Oct 2015 14:49:44 +0200
Subject: [PATCH] EbmlElement: don't read beyond end of buffer when reading
variable length integers
CVE: CVE-2015-8791
Upstream-Status: Backport [https://github.com/Matroska-Org/libebml/commit/24e5cd7c666b1ddd85619d60486db0a5481c1b90]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
src/EbmlElement.cpp | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/EbmlElement.cpp b/src/EbmlElement.cpp
index 4b96d06..0969468 100644
--- a/src/EbmlElement.cpp
+++ b/src/EbmlElement.cpp
@@ -149,6 +149,11 @@ uint64 ReadCodedSizeValue(const binary * InBuffer, uint32 & BufferSize, uint64 &
// ID found
PossibleSizeLength = SizeIdx + 1;
SizeBitMask >>= SizeIdx;
+
+ // Guard against invalid memory accesses with incomplete IDs.
+ if (PossibleSizeLength > BufferSize)
+ break;
+
for (SizeIdx = 0; SizeIdx < PossibleSizeLength; SizeIdx++) {
PossibleSize[SizeIdx] = InBuffer[SizeIdx];
}

10
meta-multimedia/recipes-mkv/libebml/libebml_1.3.0.bb
View File

@ -2,11 +2,11 @@ SUMMARY = "libebml is a C++ libary to parse EBML files"
LICENSE = "LGPL-2.1-only"
LIC_FILES_CHKSUM = "file://LICENSE.LGPL;md5=7fbc338309ac38fefcd64b04bb903e34"
SRC_URI = "\
http://dl.matroska.org/downloads/libebml/libebml-${PV}.tar.bz2 \
file://ldflags.patch \
file://override-uname.patch \
"
SRC_URI = "http://dl.matroska.org/downloads/libebml/libebml-${PV}.tar.bz2 \
file://ldflags.patch \
file://override-uname.patch \
file://CVE-2015-8791.patch \
"
SRC_URI[md5sum] = "efec729bf5a51e649e1d9d1f61c0ae7a"
SRC_URI[sha256sum] = "83b074d6b62715aa0080406ea84d33df2e44b5d874096640233a4db49b8096de"