Bug#1050836: oggvideotools: CVE-2020-21722 CVE-2020-21723 CVE-2020-21724
[Moritz Mühlenhoff]
> CVE-2020-21723[1]:
> | A Segmentation Fault issue discovered
> | StreamSerializer::extractStreams function in streamSerializer.cpp in
> | oggvideotools 0.9.1 allows remote attackers to cause a denial of
> | service (crash) via opening of crafted ogg file.
>
> https://sourceforge.net/p/oggvideotools/bugs/10
I believe the following patch fixes this issue:
--- oggvideotools-0.9.1.orig/src/main/streamSerializer.cpp
+++ oggvideotools-0.9.1/src/main/streamSerializer.cpp
@@ -158,6 +158,14 @@ bool StreamSerializer::extractStreams()
OggPacket oggPacket;
StreamEntry& entry = streamList[serialID];
+
+ /* Reject Ogg files where serialID to not point to valid
+ stream (CVE-2020-21723,
+ <URL: https://sourceforge.net/p/oggvideotools/bugs/10/ >). */
+ if (! entry.streamDecoder) {
+ break;
+ }
+
OggStreamDecoder& streamDecoder = *(entry.streamDecoder);
streamDecoder << oggPage;
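Review bot: the `break` in the new `if (! entry.streamDecoder)` check leaves the enclosing loop or switch silently, and these lines do not show that extractStreams(), which returns bool, reports the rejected file to its caller. Consider logging the offending serialID and making sure the function returns false on this path. The check also runs after `streamList[serialID]` has been evaluated, so if streamList is a map-like container the lookup may itself create an empty entry for the unknown serial; a find()-style lookup before taking the reference would avoid that. The comment should read "where serialID does not point to a valid stream".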
It is already committed to the Debian salsa git repository.
--
Happy hacking
Petter Reinholdtsen