mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-20 14:19:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

ffmpeg: patch CVE-2025-10256

Browse Source 
Pick patch metioned in NVD report.

(From OE-Core rev: d02ce6f66ee2a842ef9a27f481ce7f0ac411673b)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
This commit is contained in:
Peter Marko
2026-02-28 22:45:33 +01:00
committed by Paul Barker
parent 101fc59b73
commit 3f17dff885
2 changed files with 32 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-10256.patch Normal file
View File

@@ -0,0 +1,31 @@
From a25462482c02c004d685a8fcf2fa63955aaa0931 Mon Sep 17 00:00:00 2001
From: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Date: Wed, 6 Aug 2025 16:39:47 +0000
Subject: [PATCH] libavfilter/af_firequalizer: Add check for av_malloc_array()
Add check for the return value of av_malloc_array() to avoid potential NULL pointer dereference.
Fixes: d3be186ed1 ("avfilter/firequalizer: add dumpfile and dumpscale option")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
CVE: CVE-2025-10256
Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/a25462482c02c004d685a8fcf2fa63955aaa0931]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
libavfilter/af_firequalizer.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavfilter/af_firequalizer.c b/libavfilter/af_firequalizer.c
index 38663200eb..f14983b431 100644
--- a/libavfilter/af_firequalizer.c
+++ b/libavfilter/af_firequalizer.c
@@ -793,6 +793,8 @@ static int config_input(AVFilterLink *inlink)
if (s->dumpfile) {
s->analysis_rdft = av_rdft_init(rdft_bits, DFT_R2C);
s->dump_buf = av_malloc_array(s->analysis_rdft_len, sizeof(*s->dump_buf));
+ if (!s->dump_buf)
+ return AVERROR(ENOMEM);
}
s->analysis_buf = av_malloc_array(s->analysis_rdft_len, sizeof(*s->analysis_buf));

1
meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
View File

@@ -53,6 +53,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://CVE-2023-6602-CVE-2023-6604-CVE-2023-6605-0002.patch \
file://CVE-2023-6602-CVE-2023-6604-CVE-2023-6605-0003.patch \
file://CVE-2025-1594.patch \
file://CVE-2025-10256.patch \
"
SRC_URI[sha256sum] = "04c70c377de233a4b217c2fdf76b19aeb225a287daeb2348bccd978c47b1a1db"