Opened 14 months ago

Closed 14 months ago

#19184 closed enhancement (fixed)

gstreamer-1.22.9 gst-plugins-base gst-plugins-good gst-plugins-bad gst-plugins-ugly gst-libav gstreamer-vaapi

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: elevated Milestone: 12.1
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (5)

comment:1 by Xi Ruoyao, 14 months ago

Highlighted bugfixes in 1.22.9

  • More Security fixes for the AV1 video codec parser
  • va: fixes for Mesa Gallium drivers in Mesa versions older than v23.2
  • v4l2src: Consider framerate during caps selection
  • v4l2codec: decoder fixes
  • rtspsrc: multicast fixes
  • camerabin viewfinder fixes
  • various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements

gstreamer

  • aggregator: fix use-after-free in queries processing
  • multiqueue: Ignore queue fullness for most events

gst-plugins-base

  • audiobasesink: Don't wait on gap events
  • audioconvert: change gst_audio_convert_get_unit_size() log levels
  • glcolorconvert: Correct transform_caps direction
  • gloverlay: Apply updated overlay coordinates correctly
  • videorate: keep pool if max_buffers is unlimited

gst-plugins-good

  • rtpsession: Only warn once if configured latency needs to be known but isn't yet
  • rtphdrext-clientaudiolevel: Fix level value being written by the extension
  • rtspsrc: set multicast-iface on udpsinks and fix RTCP sink TTL
  • v4l2object: clear old fds when initializing poll during opening v4l2 device
  • v4l2src: Consider framerate during caps selection
  • vpxdec: Use appropriate domain and code for decoding errors

gst-plugins-bad

  • av1parser: Fix potential stack overflow during tile list parsing
  • camerabin: Correctly relink viewfinderbin_queue
  • GstPlay: Fix error details parsing
  • h264decoder: Handle malformed avc/avc3 packets
  • h264decoder: h265decoder: Align with wraparound fix
  • vp8decoder: vp9decoder: av1decoder: mpeg2decoder: Fix multiplication wraparound
  • vah264enc/vah264dec issues after recent upgrade to 1.22.8 from 1.22.7
  • va: fixes for Mesa Gallium drivers in Mesa versions older than v23.2
  • vp9parse: Fix critical warning during caps negotiation

gst-plugins-ugly

  • No changes

gst-libav

  • No changes

gstreamer-vaapi

  • No changes

comment:2 by Xi Ruoyao, 14 months ago

Priority: normalelevated

comment:3 by Douglas R. Reno, 14 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:4 by Douglas R. Reno, 14 months ago

Summary: AV1 codec parser potential buffer overflow during tile list parsing

Details: Heap-based buffer overflow in the AV1 codec parser when handling certain malformed streams before GStreamer 1.22.9

Impact: It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.

The CVE number is CVE-2024-0444

comment:5 by Douglas R. Reno, 14 months ago

Resolution: fixed
Status: assignedclosed

Fixed at 5d82b9253580dd8864a6bba9742b935c00b37c92

SA-12.0-081 issued

Note: See TracTickets for help on using tickets.