mirror of
https://git.yoctoproject.org/poky
synced 2026-01-29 21:08:42 +01:00
ffmpeg: fix CVE-2024-7055
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651. (From OE-Core rev: 71a9c2d01ad8ed83f9da6e6b9541fcf1d9baed48) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Archana Polampalli
committed by
Steve Sakoman
Steve Sakoman
parent
ac0988d9f2
commit
c2186ed9ea
38
meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch
Normal file
38
meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch
Normal file
@@ -0,0 +1,38 @@
|
||||
From 587acd0d4020859e67d1f07aeff2c885797ebcce Mon Sep 17 00:00:00 2001
|
||||
From: Michael Niedermayer <michael@niedermayer.cc>
|
||||
Date: Thu, 18 Jul 2024 21:12:54 +0200
|
||||
Subject: [PATCH] avcodec/pnmdec: Use 64bit for input size check
|
||||
|
||||
Fixes: out of array read
|
||||
Fixes: poc3
|
||||
|
||||
Reported-by: VulDB CNA Team
|
||||
Found-by: CookedMelon
|
||||
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
||||
(cherry picked from commit 3faadbe2a27e74ff5bb5f7904ec27bb1f5287dc8)
|
||||
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
||||
|
||||
CVE: CVE-2024-7055
|
||||
|
||||
Upstream-Status: Backport [https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=587acd0d4020859e67d1f07aeff2c885797ebcce]
|
||||
|
||||
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
|
||||
---
|
||||
libavcodec/pnmdec.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libavcodec/pnmdec.c b/libavcodec/pnmdec.c
|
||||
index acd77ea..40cc2ae 100644
|
||||
--- a/libavcodec/pnmdec.c
|
||||
+++ b/libavcodec/pnmdec.c
|
||||
@@ -264,7 +264,7 @@ static int pnm_decode_frame(AVCodecContext *avctx, AVFrame *p,
|
||||
break;
|
||||
case AV_PIX_FMT_GBRPF32:
|
||||
if (!s->half) {
|
||||
- if (avctx->width * avctx->height * 12 > s->bytestream_end - s->bytestream)
|
||||
+ if (avctx->width * avctx->height * 12LL > s->bytestream_end - s->bytestream)
|
||||
return AVERROR_INVALIDDATA;
|
||||
scale = 1.f / s->scale;
|
||||
if (s->endian) {
|
||||
--
|
||||
2.40.0
|
||||
@@ -36,6 +36,7 @@ SRC_URI = " \
|
||||
file://CVE-2024-28661.patch \
|
||||
file://CVE-2023-50007.patch \
|
||||
file://CVE-2023-49528.patch \
|
||||
file://CVE-2024-7055.patch \
|
||||
"
|
||||
|
||||
SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"
|
||||
|
||||
Reference in New Issue
Block a user