Following are mentioned in commit upgrading the recipe to 6.1.3:
* CVE-2023-49502 CVE-2023-50007 CVE-2023-50008 CVE-2024-31578 CVE-2024-31582
Following are fixed via mentioned commits already in 6.1.1:
* CVE-2023-50009: 162b4c60c8
* CVE-2023-50010: e809c23786
* CVE-2024-31585: 3061bf668f
(From OE-Core rev: 8286570b3baf275ff48c45ca0864348a8d3faa01)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1.
This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c
of the component AAC Encoder. The manipulation leads to stack-based buffer overflow.
It is possible to initiate the attack remotely. The exploit has been disclosed to the
public and may be used.
(From OE-Core rev: c9a15206bae7f1e85dc3b8812eabb936a7e6d383)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE-2025-1373 does not appear to affect ffmpeg 5.0.3. The CVE has been
marked as "fixed-version".
(From OE-Core rev: 0ffe159d9a4ee434b4c995e1ca9a85b01e0a5d05)
Signed-off-by: Colin Pinnell McAllister <colin.mcallister@garmin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
ffmpeg_6.1.2 is the newest available stable release for 6.1.
It introduces quite a few bug and CVE fixes, which should help all.
CVEs that are fixed in the upgrade:
CVE-2024-32230
CVE-2024-35366
CVE-2024-36613
CVE-2024-36616
CVE-2024-36617
CVE-2024-36619
CVE-2024-7055
During upgrade it was noticed that the CVE scan doesn't pick up the CVEs as unpatched
(CVE-2025-0518, CVE-2025-22919, CVE-2025-22921, CVE-2025-25473,
CVE-2024-36618, CVE-2024-35369, CVE-2024-35368, CVE-2024-35367,
CVE-2024-35365, CVE-2024-28661, CVE-2023-50007, CVE-2023-49528,
CVE-2023-49501), due to improper versioning in NVD,
they are affecting 6.1.2 and hence we are leaving the patches in.
check the changelog mention below for information about fixes.
changelog: https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n6.1.2
This upgrade fixes CVE's hence remove those patches.
Refresh vulkan_av1_stable_API.patch as per new codebase.
(From OE-Core rev: 57e25585abf34677451c68d581374245e5b4b418)
Signed-off-by: Divyanshu Rathore <divyanshurathore2022@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows
attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.
(From OE-Core rev: bf0ad79c46d8a01aafc91620ddf415749aa8849a)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation
violation via the component /libavcodec/jpeg2000dec.c.
(From OE-Core rev: bc9cdf3701b937d40964903a3489898a69525d17)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer
dereference via the component libavformat/mov.c.
(From OE-Core rev: a8331b11d5d7aa8f1997eaa189b74aaab7cc44da)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer
dereference via the component libavformat/mov.c.
(From OE-Core rev: abc6b3180b87c665ff04204b7163d1f074d99747)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module,
a potential security vulnerability exists due to insufficient validation
of certain parameters when parsing Speex codec extradata. This vulnerability
could lead to integer overflow conditions, potentially resulting in undefined
behavior or crashes during the decoding process.
(From OE-Core rev: c46bb37a76582ee7352f2bc027920e8ba76e5c15)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec
library which allows for an integer overflow when handling certain block types,
leading to a denial-of-service (DoS) condition.
(From OE-Core rev: 161711ba2ef14fa77fba4740b1933c68043c57c7)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library
which allows for an integer overflow, potentially resulting in a denial-of-service
(DoS) condition.
(From OE-Core rev: 21230d5dfe908533958712e06316a253e16b9d2e)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.
(From OE-Core rev: 8057ba630477a7aeedf057b7e1ce25ab0c445665)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1
allows attackers to cause a denial of service in the application via a crafted VQA file.
(From OE-Core rev: fe7df1727d8ea4868091236ddfff7ea862c1ada8)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library
allowing for an integer overflow, potentially resulting in a denial-of-service
(DoS) condition or other undefined behavior.
(From OE-Core rev: 5661bac10db7e20064c10660c47c361b7d2418ee)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c
component of FFmpeg, specifically within the new_stream_audio function.
(From OE-Core rev: 051bc7afc01e72d5ef0fc14683689ab45e4eaab8)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame
function within libavcodec/rkmppdec.c.
(From OE-Core rev: 53528caafa576a2f6417436cc0dba8be06e75048)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options
function of sbgdec.c within the libavformat module. When parsing certain options,
the software does not adequately validate the input. This allows for negative
duration values to be accepted without proper bounds checking.
(From OE-Core rev: a07bc254011736c0f0445607c56609be677ea8a7)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical.
This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c.
The manipulation leads to heap-based buffer overflow. It is possible to initiate
the attack remotely. The exploit has been disclosed to the public and may be used.
Upgrading to version 7.0.2 is able to address this issue. It is recommended to
upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.
(From OE-Core rev: 71a9c2d01ad8ed83f9da6e6b9541fcf1d9baed48)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a
local attacker to execute arbitrary code and cause a denial of service (DoS)
via the af_dialoguenhance.c:261:5 in the de_stereo component.
(From OE-Core rev: a5e0e1f8be3c6611c09158c80e26848ae3d4f4e7)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local
attacker to execute arbitrary code via theav_samples_set_silence function
in the libavutil/samplefmt.c:260:9 component.
(From OE-Core rev: b63ba0bff9e5b5e73d50b2b3ff805418fa98d7e5)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a
local attacker to execute arbitrary code via the config_eq_output function
in the libavfilter/asrc_afirsrc.c:495:30 component.
(From OE-Core rev: 873025145d42ffe75d421884160ec299d85d21ef)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Currently, CVE_PRODUCT only detects vulnerabilities where the product is "ffmpeg".
However, there are also vulnerabilities where the product is "libswresample",
and "libavcodec" as shown below.
https://app.opencve.io/vendors/?vendor=ffmpeg
Therefore, add "libswresample libavcodec" to CVE_PRODUCT to detect vulnerabilities
where the product is "libswresample libavcodec" as well.
(From OE-Core rev: cebbbf76c029c5bf5563aca515b1c025c3644bf8)
Signed-off-by: aszh07 <mail2szahir@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at
libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0
(From OE-Core rev: b78fd9322b80734ec54440a01a36323a9b1b83f1)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker
to execute arbitrary code via the av_malloc function in libavutil/mem.c:105:9 component.
(From OE-Core rev: e7aea9b5f66414afb6fefd9aad6123c42af94b4c)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.
(From OE-Core rev: bd9fe64c40f7f4e1d18b5d33a9a366e95c2ddd2d)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker
to execute arbitrary code via the ff_bwdif_filter_intra_c function in the
libavfilter/bwdifdsp.c:125:5 component.
(From OE-Core rev: 814a688d1dc3f22cf7d1b88bde6842b032c13d12)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
On ARMv7 compilation of ffmpeg breaks if Vulkan support is enabled.
Backport a patch from the trunk to fix compilation issues:
| src/libavcodec/vulkan_av1.c: In function 'vk_av1_create_params':
| src/libavcodec/vulkan_av1.c:214:43: error: initialization of 'long long unsigned int' from 'void *' makes integer from pointer without a cast [-Wint-conversion]
| 214 | .videoSessionParametersTemplate = NULL,
| | ^~~~
| src/libavcodec/vulkan_av1.c:214:43: note: (near initialization for '(anonymous).videoSessionParametersTemplate')
| make: *** [/oe/build/tmp-rpb_wayland-glibc/work/armv7at2hf-neon-linaro-linux-gnueabi/ffmpeg/6.1.1/ffmpeg-6.1.1/ffbuild/common.mak:81: libavcodec/vulkan_av1.o] Error 1
| make: *** Waiting for unfinished jobs....
| src/libavcodec/vulkan_decode.c: In function 'ff_vk_decode_prepare_frame':
| src/libavcodec/vulkan_decode.c:191:26: error: assignment to 'VkImageView' {aka 'long long unsigned int'} from 'void *' makes integer from pointer without a cast [-Wint-conversion]
| 191 | vkpic->img_view_ref = NULL;
| | ^
| src/libavcodec/vulkan_decode.c:192:26: error: assignment to 'VkImageView' {aka 'long long unsigned int'} from 'void *' makes integer from pointer without a cast [-Wint-conversion]
| 192 | vkpic->img_view_out = NULL;
| | ^
| src/libavcodec/vulkan_decode.c:193:26: error: assignment to 'VkImageView' {aka 'long long unsigned int'} from 'void *' makes integer from pointer without a cast [-Wint-conversion]
| 193 | vkpic->img_view_dest = NULL;
| | ^
| make: *** [/oe/build/tmp-rpb_wayland-glibc/work/armv7at2hf-neon-linaro-linux-gnueabi/ffmpeg/6.1.1/ffmpeg-6.1.1/ffbuild/common.mak:81: libavcodec/vulkan_decode.o] Error 1
(From OE-Core rev: 6b3ca9f5745c438de74ef4e2e041ee95583b8dc6)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 52001cabd021b7c856acf426b668b99a72561de0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport two patches from ffmpeg git to fix compilation with the newest
Vulkan API.
(From OE-Core rev: 9dc5060abdc61e6a8a8a1ca44bb0aaf266d32271)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a9393391613cd81643744daf930eaabf2ced79b7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changelog:
==========
- avcodec/mpegvideo_enc: Dont copy beyond the image
- avfilter/vf_minterpolate: Check pts before division
- avfilter/avf_showwaves: Check history_nb_samples
- avformat/flacdec: Avoid double AVERRORS
- avfilter/vf_vidstabdetect: Avoid double AVERRORS
- avcodec/vaapi_encode: Avoid double AVERRORS
- avfilter/vf_swaprect: round coordinates down
- avfilter/vf_swaprect: Use height for vertical variables
- avfilter/vf_swaprect: assert that rectangles are within memory
- avfilter/af_alimiter: Check nextpos before use
- avfilter/f_reverse: Apply PTS compensation only when pts is available
- avfilter/af_stereowiden: Check length
- avformat/mov: Fix MSAN issue with stsd_id
- avcodec/jpegxl_parser: Check get_vlc2()
- avfilter/vf_weave: Fix odd height handling
- avfilter/edge_template: Fix small inputs with gaussian_blur()
- avfilter/vf_gradfun: Do not overread last line
- avfilter/avf_showspectrum: fix off by 1 error
- avcodec/jpegxl_parser: Add padding to cs_buffer
- avformat/mov: do not set sign bit for chunk_offsets
- avcodec/jpeglsdec: Check Jpeg-LS LSE
- avcodec/osq: Implement flush()
- configure: Enable section_data_rel_ro for FreeBSD and NetBSD aarch64 / arm
- avcodec/cbs_h266: more restrictive check on pps_tile_idx_delta_val
- avcodec/jpeg2000htdec: check if block decoding will exceed internal precision
- tools/target_dec_fuzzer: Adjust threshold for VMIX
- avcodec/av1dec: Fix resolving zero divisor
- avformat/mov: Ignore duplicate ftyp
- avformat/mov: Fix integer overflow in mov_read_packet().
- lavc/qsvdec: return 0 if more data is required
- avcodec/jpegxl_parser: check ANS cluster alphabet size vs bundle size
- libavformat/vvc: Make probe more conservative
- hwcontext_vulkan: guard unistd.h include
- lavc/Makefile: build vulkan decode code if vulkan_av1 has been enabled
- lavc/dvdsubenc: only check canvas size when it is actually set
- avcodec/decode: validate hw_frames_ctx when AVHWAccel.free_frame_priv is used
- avcoded/fft: Fix memory leak if ctx2 is used
- avcodec/fft: Use av_mallocz to avoid invalid free/uninit
(From OE-Core rev: e9ca6bdd43069c0b25115ae70dc09f0dda93ab1f)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Can't be enabled by default as v4l-utils is in meta-oe.
(From OE-Core rev: c7a200553b720b9a58c5e6702a89b9ea49f70f74)
(From OE-Core rev: 1d290bd4373dea5fd035593249a1f31afe54b789)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There's very little reason to expose "build shared libraries", "build
position-independent code", or "enable threads" as recipe-specific
packageconfig options. Revert the commit which did this and explicitly
set the relevant options in EXTRA_OECONF.
This reverts commit b6e67e3d28.
(From OE-Core rev: ec62603a348154d837d5f0cbd52bb12468973341)
(From OE-Core rev: 521a084190f72fc7a8783571829bd697e2baa1f0)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ffmpeg 6.0 has added assembly routines which uses rv64i ISA
unconditionally, ideally it should check for ISA before using those
instructions.
Fixes errors like
<instantiation>:1:1: error: instruction requires the following: RV64I Base Instruction Set
ld t0, (a1)
^
src/libavcodec/riscv/pixblockdsp_rvi.S:24:1: note: while in macro instantiation
.irp row, 0, 1, 2, 3, 4, 5, 6, 7
^
<instantiation>:3:9: error: instruction requires the following: RV64I Base Instruction Set
sd zero, ((0 * 16) + 0)(a0)
^
(From OE-Core rev: 010b068bcc126dbbc1e2032997e8d83360a7de35)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The patch fixes the following errors observed when building ffmpeg in
vulkan-enabled distros:
| src/libavutil/hwcontext_vulkan.c:363:7: error: 'VK_EXT_VIDEO_DECODE_H264_EXTENSION_NAME' undeclared here (not in a function); did you mean 'VK_EXT_VIDEO_ENCODE_H264_EXTENSION_NAME'?
| 363 | { VK_EXT_VIDEO_DECODE_H264_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | VK_EXT_VIDEO_ENCODE_H264_EXTENSION_NAME
| src/libavutil/hwcontext_vulkan.c:364:7: error: 'VK_EXT_VIDEO_DECODE_H265_EXTENSION_NAME' undeclared here (not in a function); did you mean 'VK_EXT_VIDEO_ENCODE_H265_EXTENSION_NAME'?
| 364 | { VK_EXT_VIDEO_DECODE_H265_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | VK_EXT_VIDEO_ENCODE_H265_EXTENSION_NAME
(From OE-Core rev: b16c8696be9d56edb5ff77210abfff9a784fad89)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The configure scripts uses /tmp to execute some generated files.
If /tmp is noexec, then we meet the following error.
| Unable to create and execute files in /tmp. Set the TMPDIR environment
| variable to another directory and make sure that it is not mounted noexec.
| Sanity test failed.
(From OE-Core rev: 6099b88c4decb285fd3519d5565909c15d935030)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function
smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The
manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely.
The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to
fix this issue. The identifier of this vulnerability is VDB-213544.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-3965
Upstream Fix:
13c1310975
(From OE-Core rev: b88c96fe8964614978aa25a65dd34fc3c05c664c)
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file
libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size
leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is
92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated
identifier of this vulnerability is VDB-213543.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-3964
Upstream Fix:
92f9b28ed8
(From OE-Core rev: 4595f85e7ce867d68ca9d6a6e3ad2544565be3cc)
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
