Skip to content

h265parser: Fix possible overflow using max_sub_layers_minus1

Tim-Philipp Müller requested to merge tpm/gstreamer:h265parse-fix into main

This fixes a possible overflow that can be triggered by an invalid value of max_sub_layers_minus1 being set in the bitstream. The bitstream uses 3 bits, but the allowed range is 0 to 6 only.

Fixes ZDI-CAN-21768, CVE-2023-40476

Merge request reports