2117463 – (CVE-2022-37416) CVE-2022-37416 libmpeg2: memcpy-param-overlap in function impeg2_mc_fullx_fully_8x8

Bug 2117463 (CVE-2022-37416) - CVE-2022-37416 libmpeg2: memcpy-param-overlap in function impeg2_mc_fullx_fully_8x8

Summary: CVE-2022-37416 libmpeg2: memcpy-param-overlap in function impeg2_mc_fullx_ful...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2022-37416
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2117464 2117465
Blocks:	2116244
TreeView+	depends on / blocked

Reported:	2022-08-11 05:03 UTC by TEJ RATHI
Modified:	2022-09-01 14:55 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-09-01 14:55:54 UTC
Embargoed:

Attachments	(Terms of Use)

Description TEJ RATHI 2022-08-11 05:03:41 UTC

Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2_mc_fullx_fully_8x8.

https://issuetracker.google.com/issues/231026247
https://android-review.googlesource.com/c/platform/external/libmpeg2/+/2132593

Comment 1 TEJ RATHI 2022-08-11 05:04:05 UTC

Created libmpeg2 tracking bugs for this issue:

Affects: epel-all [bug 2117464]
Affects: fedora-all [bug 2117465]

Comment 2 Yaakov Selkowitz 2022-08-12 16:19:38 UTC

This CVE is for Android's libmpeg2, which is a completely different code base than the old standalone library by the same name.

Comment 3 Product Security DevOps Team 2022-09-01 14:55:53 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-37416

Note You need to log in before you can comment on or make changes to this bug.