mirror of
https://git.yoctoproject.org/poky
synced 2026-01-29 21:08:42 +01:00
ffmpeg: fix CVE-2025-0518
Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C This issue affects FFmpeg: 7.1. Issue was fixed:b5b6391d64b5b6391d64This issue was discovered by: Simcha Kosma (From OE-Core rev: 75ad6e004de95ff6208820ccf2c0af01d9363749) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Archana Polampalli
committed by
Steve Sakoman
Steve Sakoman
parent
6dfa4d7a28
commit
a7888d9d2f
34
meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch
Normal file
34
meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch
Normal file
@@ -0,0 +1,34 @@
|
||||
From b5b6391d64807578ab872dc58fb8aa621dcfc38a Mon Sep 17 00:00:00 2001
|
||||
From: Michael Niedermayer <michael@niedermayer.cc>
|
||||
Date: Mon, 6 Jan 2025 22:01:39 +0100
|
||||
Subject: [PATCH] avfilter/af_pan: Fix sscanf() use
|
||||
|
||||
Fixes: Memory Data Leak
|
||||
|
||||
Found-by: Simcha Kosman <simcha.kosman@cyberark.com>
|
||||
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
||||
|
||||
CVE: CVE-2025-0518
|
||||
|
||||
Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a]
|
||||
|
||||
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
|
||||
---
|
||||
libavfilter/af_pan.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c
|
||||
index cfed9f1..ffcd214 100644
|
||||
--- a/libavfilter/af_pan.c
|
||||
+++ b/libavfilter/af_pan.c
|
||||
@@ -165,7 +165,7 @@ static av_cold int init(AVFilterContext *ctx)
|
||||
sign = 1;
|
||||
while (1) {
|
||||
gain = 1;
|
||||
- if (sscanf(arg, "%lf%n *%n", &gain, &len, &len))
|
||||
+ if (sscanf(arg, "%lf%n *%n", &gain, &len, &len) >= 1)
|
||||
arg += len;
|
||||
if (parse_channel_name(&arg, &in_ch_id, &named)){
|
||||
av_log(ctx, AV_LOG_ERROR,
|
||||
--
|
||||
2.40.0
|
||||
@@ -50,6 +50,7 @@ SRC_URI = " \
|
||||
file://CVE-2025-25473.patch \
|
||||
file://CVE-2025-25471.patch \
|
||||
file://CVE-2025-22921.patch \
|
||||
file://CVE-2025-0518.patch \
|
||||
"
|
||||
|
||||
SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"
|
||||
|
||||
Reference in New Issue
Block a user