From: Archana Polampalli <archana.polampa...@windriver.com> FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.
Signed-off-by: Archana Polampalli <archana.polampa...@windriver.com> --- .../ffmpeg/ffmpeg/CVE-2024-36618.patch | 36 +++++++++++++++++++ .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb | 1 + 2 files changed, 37 insertions(+) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36618.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36618.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36618.patch new file mode 100644 index 0000000000..5caca2da7c --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36618.patch @@ -0,0 +1,36 @@ +From 7a089ed8e049e3bfcb22de1250b86f2106060857 Mon Sep 17 00:00:00 2001 +From: Andreas Rheinhardt <andreas.rheinha...@outlook.com> +Date: Tue, 12 Mar 2024 23:23:17 +0100 +Subject: [PATCH] avformat/avidec: Fix integer overflow iff ULONG_MAX < + INT64_MAX + +Affects many FATE-tests, see +https://fate.ffmpeg.org/report.cgi?time=20240312011016&slot=ppc-linux-gcc-13.2-ubsan-altivec-qemu + +Reviewed-by: James Almer <jamr...@gmail.com> +Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@outlook.com> + +CVE: CVE-2024-36618 + +Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/7a089ed8e049e3bfcb22de1250b86f2106060857] + +Signed-off-by: Archana Polampalli <archana.polampa...@windriver.com> +--- + libavformat/avidec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libavformat/avidec.c b/libavformat/avidec.c +index 00bd7a9..bc95466 100644 +--- a/libavformat/avidec.c ++++ b/libavformat/avidec.c +@@ -1696,7 +1696,7 @@ static int check_stream_max_drift(AVFormatContext *s) + int *idx = av_calloc(s->nb_streams, sizeof(*idx)); + if (!idx) + return AVERROR(ENOMEM); +- for (min_pos = pos = 0; min_pos != INT64_MAX; pos = min_pos + 1LU) { ++ for (min_pos = pos = 0; min_pos != INT64_MAX; pos = min_pos + 1ULL) { + int64_t max_dts = INT64_MIN / 2; + int64_t min_dts = INT64_MAX / 2; + int64_t max_buffer = 0; +-- +2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb index 3ef2d9099d..37416ef01a 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb @@ -44,6 +44,7 @@ SRC_URI = " \ file://CVE-2024-36613.patch \ file://CVE-2024-36616.patch \ file://CVE-2024-36617.patch \ + file://CVE-2024-36618.patch \ " SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968" -- 2.40.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#210988): https://lists.openembedded.org/g/openembedded-core/message/210988 Mute This Topic: https://lists.openembedded.org/mt/111053960/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
