mirror of
https://git.yoctoproject.org/poky
synced 2026-04-20 09:32:13 +02:00
ffmpeg: fix CVE-2023-51796
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame. (From OE-Core rev: ec7301d63376197ed3e89282545109f046d63888) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Archana Polampalli
committed by
Steve Sakoman
Steve Sakoman
parent
73b340f6c1
commit
d8a0cd24f3
39
meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51796.patch
Normal file
39
meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51796.patch
Normal file
@@ -0,0 +1,39 @@
|
||||
From 61e73851a33f0b4cb7662f8578a4695e77bd3c19 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Niedermayer <michael@niedermayer.cc>
|
||||
Date: Sat, 23 Dec 2023 18:04:32 +0100
|
||||
Subject: [PATCH 3/4] avfilter/f_reverse: Apply PTS compensation only when pts
|
||||
is available
|
||||
|
||||
Fixes: out of array access
|
||||
Fixes: tickets/10753/poc16ffmpeg
|
||||
|
||||
Regression since: 45dc668aea0edac34969b5a1ff76cf9ad3a09be1
|
||||
Found-by: Zeng Yunxiang
|
||||
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
||||
|
||||
CVE: CVE-2023-51796
|
||||
|
||||
Upstream-Status: Backport [https://github.com/ffmpeg/FFmpeg/commit/61e73851a33f0b4cb7662f8578a4695e77bd3c19]
|
||||
|
||||
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
|
||||
---
|
||||
libavfilter/f_reverse.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libavfilter/f_reverse.c b/libavfilter/f_reverse.c
|
||||
index f7a7e71..7b919d6 100644
|
||||
--- a/libavfilter/f_reverse.c
|
||||
+++ b/libavfilter/f_reverse.c
|
||||
@@ -251,7 +251,9 @@ static int areverse_request_frame(AVFilterLink *outlink)
|
||||
if (ret == AVERROR_EOF && s->nb_frames > 0) {
|
||||
AVFrame *out = s->frames[s->nb_frames - 1];
|
||||
out->pts = s->pts[s->flush_idx++] - s->nb_samples;
|
||||
- s->nb_samples += s->pts[s->flush_idx] - s->pts[s->flush_idx - 1] - out->nb_samples;
|
||||
+ if (s->nb_frames > 1)
|
||||
+ s->nb_samples += s->pts[s->flush_idx] - s->pts[s->flush_idx - 1] - out->nb_samples;
|
||||
+
|
||||
|
||||
if (av_sample_fmt_is_planar(out->format))
|
||||
reverse_samples_planar(out);
|
||||
--
|
||||
2.40.0
|
||||
@@ -38,6 +38,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
|
||||
file://CVE-2023-51798.patch \
|
||||
file://CVE-2023-47342.patch \
|
||||
file://CVE-2023-50007.patch \
|
||||
file://CVE-2023-51796.patch \
|
||||
"
|
||||
|
||||
SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
|
||||
|
||||
Reference in New Issue
Block a user