[meta-multimedia,kirkstone,2/5] libeml: patch CVE-2015-8791

Message ID	20260213154229.1329476-2-skandigraun@gmail.com
State	New
Headers	show Return-Path: <skandigraun@gmail.com> ip: 209.85.221.45, mailfrom: skandigraun@gmail.com) From: Gyorgy Sarvari <skandigraun@gmail.com> To: openembedded-devel@lists.openembedded.org Subject: [meta-multimedia][kirkstone][PATCH 2/5] libeml: patch CVE-2015-8791 Date: Fri, 13 Feb 2026 16:42:26 +0100 Message-ID: <20260213154229.1329476-2-skandigraun@gmail.com> In-Reply-To: <20260213154229.1329476-1-skandigraun@gmail.com> References: <20260213154229.1329476-1-skandigraun@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-networking,kirkstone,1/5] ez-ipupdate: patch CVE-2003-0887 \| expand [meta-networking,kirkstone,1/5] ez-ipupdate: patch CVE-2003-0887 [meta-multimedia,kirkstone,2/5] libeml: patch CVE-2015-8791 [meta-oe,kirkstone,3/5] mercurial: ignore CVE-2022-43410 [meta-python,kirkstone,4/5] python3-django: upgrade 4.2.27 -> 4.2.28 [meta-oe,kirkstone,5/5] poppler: mark CVE-2022-38171 patched

Message ID

20260213154229.1329476-2-skandigraun@gmail.com

State

New

Headers

From: Gyorgy Sarvari <skandigraun@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [meta-multimedia][kirkstone][PATCH 2/5] libeml: patch CVE-2015-8791
Date: Fri, 13 Feb 2026 16:42:26 +0100
Message-ID: <20260213154229.1329476-2-skandigraun@gmail.com>
In-Reply-To: <20260213154229.1329476-1-skandigraun@gmail.com>
References: <20260213154229.1329476-1-skandigraun@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-networking,kirkstone,1/5] ez-ipupdate: patch CVE-2003-0887 | expand

Commit Message

Gyorgy Sarvari Feb. 13, 2026, 3:42 p.m. UTC

Details: https://nvd.nist.gov/vuln/detail/CVE-2015-8791

Backport the patch that is referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../libebml/libebml/CVE-2015-8791.patch       | 29 +++++++++++++++++++
 .../recipes-mkv/libebml/libebml_1.3.0.bb      | 10 +++----
 2 files changed, 34 insertions(+), 5 deletions(-)
 create mode 100644 meta-multimedia/recipes-mkv/libebml/libebml/CVE-2015-8791.patch

diff --git a/meta-multimedia/recipes-mkv/libebml/libebml/CVE-2015-8791.patch b/meta-multimedia/recipes-mkv/libebml/libebml/CVE-2015-8791.patch
new file mode 100644
index 0000000000..e007e2fb92
--- /dev/null
+++ b/meta-multimedia/recipes-mkv/libebml/libebml/CVE-2015-8791.patch
@@ -0,0 +1,29 @@ 
+From 22b87d8217606d891e73fc59a598bae830e61d65 Mon Sep 17 00:00:00 2001
+From: Moritz Bunkus <moritz@bunkus.org>
+Date: Tue, 20 Oct 2015 14:49:44 +0200
+Subject: [PATCH] EbmlElement: don't read beyond end of buffer when reading
+ variable length integers
+
+CVE: CVE-2015-8791
+Upstream-Status: Backport [https://github.com/Matroska-Org/libebml/commit/24e5cd7c666b1ddd85619d60486db0a5481c1b90]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/EbmlElement.cpp | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/EbmlElement.cpp b/src/EbmlElement.cpp
+index 4b96d06..0969468 100644
+--- a/src/EbmlElement.cpp
++++ b/src/EbmlElement.cpp
+@@ -149,6 +149,11 @@ uint64 ReadCodedSizeValue(const binary * InBuffer, uint32 & BufferSize, uint64 &
+ 			// ID found
+ 			PossibleSizeLength = SizeIdx + 1;
+ 			SizeBitMask >>= SizeIdx;
++
++			// Guard against invalid memory accesses with incomplete IDs.
++			if (PossibleSizeLength > BufferSize)
++				break;
++
+ 			for (SizeIdx = 0; SizeIdx < PossibleSizeLength; SizeIdx++) {
+ 				PossibleSize[SizeIdx] = InBuffer[SizeIdx];
+ 			}
diff --git a/meta-multimedia/recipes-mkv/libebml/libebml_1.3.0.bb b/meta-multimedia/recipes-mkv/libebml/libebml_1.3.0.bb
index 744486fa2a..9caf25205b 100644
--- a/meta-multimedia/recipes-mkv/libebml/libebml_1.3.0.bb
+++ b/meta-multimedia/recipes-mkv/libebml/libebml_1.3.0.bb
@@ -2,11 +2,11 @@  SUMMARY = "libebml is a C++ libary to parse EBML files"
 LICENSE = "LGPL-2.1-only"
 LIC_FILES_CHKSUM = "file://LICENSE.LGPL;md5=7fbc338309ac38fefcd64b04bb903e34"
 
-SRC_URI = "\
-    http://dl.matroska.org/downloads/libebml/libebml-${PV}.tar.bz2 \
-    file://ldflags.patch \
-    file://override-uname.patch \
-"
+SRC_URI = "http://dl.matroska.org/downloads/libebml/libebml-${PV}.tar.bz2 \
+           file://ldflags.patch \
+           file://override-uname.patch \
+           file://CVE-2015-8791.patch \
+           "
 SRC_URI[md5sum] = "efec729bf5a51e649e1d9d1f61c0ae7a"
 SRC_URI[sha256sum] = "83b074d6b62715aa0080406ea84d33df2e44b5d874096640233a4db49b8096de"

[meta-multimedia,kirkstone,2/5] libeml: patch CVE-2015-8791

Commit Message

Patch