[SECURITY] [DSA 5870-1] openh264 security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5870-1] openh264 security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 26 Feb 2025 21:54:08 +0000
Message-id: <[🔎] E1tnPM0-005MW5-FP@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5870-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 26, 2025                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openh264
CVE ID         : CVE-2025-27091
Debian Bug     : 1098470

A heap-based buffer overflow flaw in the decoding functions of openh264,
a codec library which supports H.264 encoding and decoding, may allow a
remote attacker to cause a denial of service or the execution of
arbitrary code if a specially crafted video is processed.

For the stable distribution (bookworm), this problem has been fixed in
version 2.3.1+dfsg-3+deb12u1.

We recommend that you upgrade your openh264 packages.

For the detailed security status of openh264 please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/openh264

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAme/jFlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SchQ/5AT44olo55wkG91dSp/uRQ6rhOSG3n/Rw7MnX5jjWj3l9whFiXlOK3GVl
O8pFfnONLecP/TQYEtcGCsDZphxKRjpH4ysCAs2VwVXgZJ9mXuO5uTyzd+tFqXtE
cnO6MBg1YoBqstsHy7XLTfjNRnCU5lXSYORmPw7i6XBTXnY4PSMmDlt95cjEW2hj
iYzp6LDleu5pdf9fOwxlmAp2CI+JzBxCvmRPMEle/ZrgMoDMKJMgp5yrAIGAIk1b
tEJlE+G5kqi1GSKb7tu1LAlomAt2n2pqpxBOAUR4HZvhlw1JsfUoyuvrVHso9qY6
6xTCsETUx3s2W9QWji7Q9Fnkoe2jAv3CkBckVPtQABhNPfuSTexBI+fgVOYfn+b2
/EMwhlhSwZww6jRLv8WPRs93Oqc55VgxwvI+5cr8spsOQ08nwI2GwC8cJT+5pHFc
AhsgcOv4iZHPVdOAcNm/+q4CBqijWxQKhP2bs5wZKb8uCSfXVzUZjDXLTVNRAkfo
ocVClcilTzVZAIP5ywLBLSfJB0eqifCGHfdtgEJ8pHBYLZMEVvB1JE72XtsSHxun
w3tMMULU48BKs9OWLFqZdSQtEmI/IlpXCuuyTqQ832G18YSZK47wFi+oxQtfaOa3
RBttv0934zo8zsaH2rE37m3aBATCwAQn7BXG2zO7P/DriuqOnAc=
=NtPt
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5869-1] chromium security update
Previous by thread: [SECURITY] [DSA 5869-1] chromium security update
Index(es):
- Date
- Thread