Bug#1050836: oggvideotools: CVE-2020-21722 CVE-2020-21723 CVE-2020-21724

Petter Reinholdtsen Sat, 07 Sep 2024 22:39:12 -0700

[Moritz Mühlenhoff]
> CVE-2020-21723[1]:
> | A Segmentation Fault issue discovered
> | StreamSerializer::extractStreams function in streamSerializer.cpp in
> | oggvideotools 0.9.1 allows remote attackers to cause a denial of
> | service (crash) via opening of crafted ogg file.
> 
> https://sourceforge.net/p/oggvideotools/bugs/10


I believe the following patch fixes this issue:

--- oggvideotools-0.9.1.orig/src/main/streamSerializer.cpp
+++ oggvideotools-0.9.1/src/main/streamSerializer.cpp
@@ -158,6 +158,14 @@ bool StreamSerializer::extractStreams()
 
         OggPacket         oggPacket;
         StreamEntry&      entry         = streamList[serialID];
+
+       /* Reject Ogg files where serialID to not point to valid
+          stream (CVE-2020-21723,
+          <URL: https://sourceforge.net/p/oggvideotools/bugs/10/ >). */
+       if (! entry.streamDecoder) {
+            break;
+       }
+
         OggStreamDecoder& streamDecoder = *(entry.streamDecoder);
 
         streamDecoder << oggPage;

It is already commited to the Debian salsa git repository.

-- 
Happy hacking
Petter Reinholdtsen

Bug#1050836: oggvideotools: CVE-2020-21722 CVE-2020-21723 CVE-2020-21724

Reply via email to