fix(ffmpeg): CVE-2026-8461 - Fix heap out-of-bounds write in MagicYUV decoder (PixelSmash) #32

Merged: Zeno-sole merged 1 commit into master from fix/CVE-2026-8461 on Jun 25, 2026

@deepin-ci-robot

Contributor

CVE-2026-8461: PixelSmash - Heap OOB write in MagicYUV decoder

Fix heap out-of-bounds write in FFmpeg's libavcodec MagicYUV decoder caused by inconsistency between how the frame allocator and decoder compute chroma plane heights when slice_height is odd.

Changes

  • Move slice_height validation outside of interlaced-only block to catch odd slice_height values in both interlaced and progressive modes
  • Change threshold from < 2 to <= s->interlaced so progressive (interlaced=0) uses <= 0 instead of < 2

References

Patch

From upstream 7-line patch: validates slice_height against chroma subsampling shift.

Fix heap out-of-bounds write in MagicYUV decoder (PixelSmash).
Move slice_height validation outside of interlaced-only block
so it applies to both interlaced and progressive modes.

Origin: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159
Bug: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159
Generated-By: deepseek-v4
Co-Authored-By: hudeng <hudeng@deepin.org>
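
The two changes listed in the description above, modelled as an added C example (not the upstream patch or this repository's code). The struct, the function names and the exact `slice_height >> vshift` expression are assumptions for illustration, and the slice height is assumed to have been checked as positive already.

```c
#include <stdio.h>

/* Hypothetical stand-in for the decoder state: only what the check reads. */
struct magy_params {
    int slice_height; /* untrusted, from the frame header; assumed > 0 here */
    int interlaced;   /* 0 = progressive, 1 = interlaced */
    int vshift;       /* chroma vertical subsampling shift, e.g. 1 for 4:2:0 */
};

/* Before: the check sat inside the interlaced-only block, threshold "< 2". */
static int check_before(const struct magy_params *s)
{
    if (s->interlaced && (s->slice_height >> s->vshift) < 2)
        return -1;
    return 0;
}

/* After: hoisted out of the block, threshold "<= s->interlaced". */
static int check_after(const struct magy_params *s)
{
    return ((s->slice_height >> s->vshift) <= s->interlaced) ? -1 : 0;
}

/* Count slice heights in 1..max_h that only the new check rejects. */
static int newly_rejected(int interlaced, int vshift, int max_h)
{
    int n = 0;
    for (int h = 1; h <= max_h; h++) {
        struct magy_params s = { h, interlaced, vshift };
        if (check_before(&s) == 0 && check_after(&s) != 0)
            n++;
    }
    return n;
}

int main(void)
{
    for (int il = 0; il <= 1; il++)
        for (int vs = 0; vs <= 2; vs++)
            printf("interlaced=%d vshift=%d newly rejected: %d\n",
                   il, vs, newly_rejected(il, vs, 64));
    return 0;
}
```

In this model the two checks agree on every interlaced slice height, and the new one additionally rejects progressive frames whose shifted slice height is zero.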
@deepin-ci-robot

Contributor Author

/hold
The upstream version number of this quilt package has changed; for details see: deepin-community/infra-settings#134

@github-actions


TAG Bot

TAG: 7%6.1.5-0deepin2
EXISTED: no
DISTRIBUTION: unstable

@deepin-ci-robot

Contributor Author

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign zccrs for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@Zeno-sole

Contributor

/integrate

@github-actions


AutoIntegrationPr Bot
auto integrate with pr url: deepin-community/Repository-Integration#4177
PrNumber: 4177
PrBranch: auto-integration-28141519659

@Zeno-sole Zeno-sole merged commit 3415926 into master Jun 25, 2026
6 of 10 checks passed