[meta-multimedia,scarthgap,4/5] vlc: patch CVE-2024-46461

Message ID 20260109234346.3098858-4-ankur.tyagi85@gmail.com
State New
Series [meta-multimedia,scarthgap,1/5] libde265: patch CVE-2023-43887

Commit Message

Ankur Tyagi Jan. 9, 2026, 11:43 p.m. UTC
From: Ankur Tyagi <ankur.tyagi85@gmail.com>

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-46461

Backport the patch mentioned in the news[1] that fixes this vulnerability.

https://code.videolan.org/videolan/vlc/-/blob/3.0.21/NEWS?ref_type=tags#L44

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../vlc/vlc/CVE-2024-46461.patch              | 44 +++++++++++++++++++
 .../recipes-multimedia/vlc/vlc_3.0.20.bb      |  1 +
 2 files changed, 45 insertions(+)
 create mode 100644 meta-multimedia/recipes-multimedia/vlc/vlc/CVE-2024-46461.patch

Patch

diff --git a/meta-multimedia/recipes-multimedia/vlc/vlc/CVE-2024-46461.patch b/meta-multimedia/recipes-multimedia/vlc/vlc/CVE-2024-46461.patch
new file mode 100644
index 0000000000..868eb89cac
--- /dev/null
+++ b/meta-multimedia/recipes-multimedia/vlc/vlc/CVE-2024-46461.patch
@@ -0,0 +1,44 @@ 
+From aafb226321a525169fd68bf4708e7c6f15e4307a Mon Sep 17 00:00:00 2001
+From: Thomas Guillem <thomas@gllm.fr>
+Date: Tue, 9 Jan 2024 06:58:39 +0100
+Subject: [PATCH] mms: fix potential integer overflow
+
+That could lead to a heap buffer overflow.
+
+Thanks Andreas Fobian for the security report.
+
+(cherry picked from commit 467b24dd0f9b0b3d8ba11dd813b393892f7f1ed2)
+Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>
+
+CVE: CVE-2024-46461
+Upstream-Status: Backport [https://code.videolan.org/videolan/vlc/-/commit/e7f98f3632d793c3921bfe72595721af191e670e]
+(cherry picked from commit e7f98f3632d793c3921bfe72595721af191e670e)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ modules/access/mms/mmstu.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/modules/access/mms/mmstu.c b/modules/access/mms/mmstu.c
+index f795b0bd43..f10e38cd43 100644
+--- a/modules/access/mms/mmstu.c
++++ b/modules/access/mms/mmstu.c
+@@ -1316,14 +1316,16 @@ static int  mms_ParsePacket( stream_t *p_access,
+ 
+     if( i_packet_id == p_sys->i_header_packet_id_type )
+     {
+-        uint8_t *p_reaced = realloc( p_sys->p_header,
+-                                     p_sys->i_header + i_packet_length - 8 );
++        size_t new_header_size;
++        if( add_overflow( p_sys->i_header, i_packet_length, &new_header_size ) )
++            return -1;
++        uint8_t *p_reaced = realloc( p_sys->p_header, new_header_size );
+         if( !p_reaced )
+             return VLC_ENOMEM;
+ 
+         memcpy( &p_reaced[p_sys->i_header], p_data + 8, i_packet_length - 8 );
+         p_sys->p_header = p_reaced;
+-        p_sys->i_header += i_packet_length - 8;
++        p_sys->i_header = new_header_size;
+ 
+ /*        msg_Dbg( p_access,
+                  "receive header packet (%d bytes)",
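Review bot: In the mmstu.c change, new_header_size is computed as p_sys->i_header + i_packet_length, whereas the removed lines sized the buffer and advanced i_header by i_packet_length - 8, and the memcpy kept as context still copies only i_packet_length - 8 bytes. After `p_sys->i_header = new_header_size;` the recorded header length is therefore 8 bytes larger per header packet than the data written, and those trailing 8 bytes of the reallocated buffer are uninitialized. Please confirm the backport is byte-identical to the upstream commit named in Upstream-Status and check whether upstream carries a follow-up; if not, subtract 8 from new_header_size after the overflow check. Two smaller points in the same hunk: no check that i_packet_length is at least 8 is visible before `i_packet_length - 8` is used as the memcpy length, and the new error path returns a bare -1 while the adjacent one returns VLC_ENOMEM.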
diff --git a/meta-multimedia/recipes-multimedia/vlc/vlc_3.0.20.bb b/meta-multimedia/recipes-multimedia/vlc/vlc_3.0.20.bb
index 21bc408f6d..bf34146e0a 100644
--- a/meta-multimedia/recipes-multimedia/vlc/vlc_3.0.20.bb
+++ b/meta-multimedia/recipes-multimedia/vlc/vlc_3.0.20.bb
@@ -25,6 +25,7 @@  SRC_URI = "https://get.videolan.org/${BPN}/${PV}/${BP}.tar.xz \
            file://0006-configure-Disable-incompatible-function-pointer-type.patch \
            file://taglib-2.patch \
            file://0001-taglib-Fix-build-on-x86-32-bit.patch \
+           file://CVE-2024-46461.patch \
 "
 SRC_URI[sha256sum] = "adc7285b4d2721cddf40eb5270cada2aaa10a334cb546fd55a06353447ba29b5"