Details: https://nvd.nist.gov/vuln/detail/CVE-2025-27091
The advisory confirms that the bug was fixed in v2.6.0. When looking at the relevant Github advisory[1], it mentions the name of the implementer. Pick the patch that was included in this release, created by the mentioned Github account and isn't only a cosmetic or build-system change. [1]: https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../openh264/openh264/CVE-2025-27091.patch | 27 +++++++++++++++++++ .../openh264/openh264_2.1.1.bb | 1 + 2 files changed, 28 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/openh264/openh264/CVE-2025-27091.patch diff --git a/meta-multimedia/recipes-multimedia/openh264/openh264/CVE-2025-27091.patch b/meta-multimedia/recipes-multimedia/openh264/openh264/CVE-2025-27091.patch new file mode 100644 index 0000000000..5a3c900e38 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/openh264/openh264/CVE-2025-27091.patch @@ -0,0 +1,27 @@ +From 4e82ae10b594d87da2a7884c2de850857931c78f Mon Sep 17 00:00:00 2001 +From: BenzhengZhang <[email protected]> +Date: Thu, 19 Dec 2024 17:12:42 +0800 +Subject: [PATCH] Potential bug fix (#3818) + +CVE: CVE-2025-27091 +Upstream-Status: Backport [https://github.com/cisco/openh264/commit/63db555e30986e3a5f07871368dc90ae78c27449] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + codec/decoder/core/src/decoder.cpp | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/codec/decoder/core/src/decoder.cpp b/codec/decoder/core/src/decoder.cpp +index 3b38032a..b971f12f 100644 +--- a/codec/decoder/core/src/decoder.cpp ++++ b/codec/decoder/core/src/decoder.cpp +@@ -844,6 +844,10 @@ int32_t WelsDecodeBs (PWelsDecoderContext pCtx, const uint8_t* kpBsBuf, const in + return pCtx->iErrorCode; + } + ++ if (pCtx->iErrorCode != ERR_NONE && !(pCtx->iErrorCode & dsDataErrorConcealed)) { ++ return pCtx->iErrorCode; ++ } ++ + pDstNal += (iDstIdx + 4); //init, increase 4 reserved zero bytes, used to store the next NAL + if ((iSrcLength - iSrcConsumed + 4) > (pRawData->pEnd - pDstNal)) { + pDstNal = pRawData->pCurPos = pRawData->pHead; diff --git a/meta-multimedia/recipes-multimedia/openh264/openh264_2.1.1.bb b/meta-multimedia/recipes-multimedia/openh264/openh264_2.1.1.bb index aababb6684..113dbf1bba 100644 --- a/meta-multimedia/recipes-multimedia/openh264/openh264_2.1.1.bb +++ b/meta-multimedia/recipes-multimedia/openh264/openh264_2.1.1.bb @@ -15,6 +15,7 @@ SRCREV = "50a1fcf70fafe962c526749991cb4646406933ba" BRANCH = "openh264v2.1.1" SRC_URI = "git://github.com/cisco/openh264.git;protocol=https;branch=${BRANCH} \ file://0001-Makefile-Use-cp-options-to-preserve-file-mode.patch \ + file://CVE-2025-27091.patch \ " COMPATIBLE_MACHINE:armv7a = "(.*)"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#122709): https://lists.openembedded.org/g/openembedded-devel/message/122709 Mute This Topic: https://lists.openembedded.org/mt/116815250/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
