mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

ffmpeg: fix CVE-2024-35366

Browse Source 
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options
function of sbgdec.c within the libavformat module. When parsing certain options,
the software does not adequately validate the input. This allows for negative
duration values to be accepted without proper bounds checking.

(From OE-Core rev: a07bc254011736c0f0445607c56609be677ea8a7)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Archana Polampalli
2024-12-13 10:11:21 +00:00
committed by Steve Sakoman
parent 8f8989071a
commit 93dc7300c0
2 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35366.patch Normal file
View File

@@ -0,0 +1,35 @@
From 0bed22d597b78999151e3bde0768b7fe763fc2a6 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Tue, 26 Mar 2024 00:39:49 +0100
Subject: [PATCH] avformat/sbgdec: Check for negative duration
Fixes: signed integer overflow: 9223372036854775807 - -8000000 cannot be represented in type 'long'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5133181743136768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
CVE: CVE-2024-35366
Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6]
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
libavformat/sbgdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c
index b2662ea..281fe62 100644
--- a/libavformat/sbgdec.c
+++ b/libavformat/sbgdec.c
@@ -386,7 +386,7 @@ static int parse_options(struct sbg_parser *p)
case 'L':
FORWARD_ERROR(parse_optarg(p, opt, &oarg));
r = str_to_time(oarg.s, &p->scs.opt_duration);
- if (oarg.e != oarg.s + r) {
+ if (oarg.e != oarg.s + r || p->scs.opt_duration < 0) {
snprintf(p->err_msg, sizeof(p->err_msg),
"syntax error for option -L");
return AVERROR_INVALIDDATA;
--
2.40.0

1
meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
View File

@@ -37,6 +37,7 @@ SRC_URI = " \
file://CVE-2023-50007.patch \
file://CVE-2023-49528.patch \
file://CVE-2024-7055.patch \
file://CVE-2024-35366.patch \
"
SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"