seedsigner/buildroot
seedsigner/buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/libopenh264: security bump to version 2.5.1

Browse Source 
Fixes the following security issue:

CVE-2025-27091: OpenH264 Decoding Functions Heap Overflow Vulnerability

A vulnerability in the decoding functions of OpenH264 codec library could
allow a remote, unauthenticated attacker to trigger a heap overflow.

This vulnerability is due to a race condition between a Sequence Parameter
Set (SPS) memory allocation and a subsequent non Instantaneous Decoder
Refresh (non-IDR) Network Abstraction Layer (NAL) unit memory usage.  An
attacker could exploit this vulnerability by crafting a malicious bitstream
and tricking a victim user into processing an arbitrary video containing the
malicious bitstream.  An exploit could allow the attacker to cause an
unexpected crash in the victim's user decoding client and, possibly, perform
arbitrary commands on the victim's host by abusing the heap overflow.

https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x
https://github.com/cisco/openh264/releases/tag/2.5.1

The upstream tag now has no 'v' prefix, so drop it from _SITE.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit a7aeb5a46eaaf8a39560c8664593018cf253835a)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This commit is contained in:
Peter Korsgaard 2025-03-28 17:25:09 +01:00 committed by Thomas Perale
parent df65961ad5
commit eda2d934ae
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/libopenh264/libopenh264.hash
View File

@ -1,3 +1,3 @@
# Locally calculated
sha256 8ffbe944e74043d0d3fb53d4a2a14c94de71f58dbea6a06d0dc92369542958ea libopenh264-2.4.1.tar.gz
sha256 a1b5c88bfb31c4d2251835e57a7df99f91181955cea6ec3ddd4ab82aa54ae9f1 libopenh264-2.5.1.tar.gz
sha256 dd5c1c9668512530fa5a96e4c29ac4033d70a7eeb0eed7a42fddb6dd794ebdbb LICENSE

4
package/libopenh264/libopenh264.mk
View File

@ -4,8 +4,8 @@
#
################################################################################
LIBOPENH264_VERSION = 2.4.1
LIBOPENH264_SITE = $(call github,cisco,openh264,v$(LIBOPENH264_VERSION))
LIBOPENH264_VERSION = 2.5.1
LIBOPENH264_SITE = $(call github,cisco,openh264,$(LIBOPENH264_VERSION))
LIBOPENH264_LICENSE = BSD-2-Clause
LIBOPENH264_LICENSE_FILES = LICENSE
LIBOPENH264_CPE_ID_VENDOR = cisco