mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-29 09:32:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

ffmpeg: fix CVE-2023-51798

Browse Source 
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker
to execute arbitrary code via a floating point exception (FPE) error at
libavfilter/vf_minterpolate.c:1078:60 in interpolate.

(From OE-Core rev: b6c00d2c64036b2b851cdbb3b6efd60bc839fa5b)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Archana Polampalli
2024-11-27 09:24:34 +00:00
committed by Steve Sakoman
parent 396ce3bd6c
commit d63184dd32
2 changed files with 46 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51798.patch Normal file
View File

@@ -0,0 +1,45 @@
From c9e6162554cc7d04a56e2edd1f6f1479c6f8b62f Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 30 Dec 2023 02:51:32 +0100
Subject: [PATCH] avfilter/vf_minterpolate: Check pts before division
Fixes: FPE
Fixes: tickets/10758/poc20ffmpeg
Discovered by Zeng Yunxiang
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 68146f06f852078866b3ef1564556e3a272920c7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
CVE: CVE-2023-51798
Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/c9e6162554cc7d04a56e2edd1f6f1479c6f8b62f]
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
libavfilter/vf_minterpolate.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/libavfilter/vf_minterpolate.c b/libavfilter/vf_minterpolate.c
index 97d0e96..9296e67 100644
--- a/libavfilter/vf_minterpolate.c
+++ b/libavfilter/vf_minterpolate.c
@@ -1078,8 +1078,13 @@ static void interpolate(AVFilterLink *inlink, AVFrame *avf_out)
pts = av_rescale(avf_out->pts, (int64_t) ALPHA_MAX * outlink->time_base.num * inlink->time_base.den,
(int64_t) outlink->time_base.den * inlink->time_base.num);
- alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts);
- alpha = av_clip(alpha, 0, ALPHA_MAX);
+ if (mi_ctx->frames[2].avf->pts > mi_ctx->frames[1].avf->pts) {
+ alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts);
+ alpha = av_clip(alpha, 0, ALPHA_MAX);
+ } else {
+ av_log(ctx, AV_LOG_DEBUG, "duplicate input PTS detected\n");
+ alpha = 0;
+ }
if (alpha == 0 || alpha == ALPHA_MAX) {
av_frame_copy(avf_out, alpha ? mi_ctx->frames[2].avf : mi_ctx->frames[1].avf);
--
2.40.0

1
meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
View File

@@ -35,6 +35,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://CVE-2024-31582.patch \
file://CVE-2024-31578.patch \
file://CVE-2023-51794.patch \
file://CVE-2023-51798.patch \
"
SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"