SHA256
1
0
forked from pool/ffmpeg-4

Add ffmpeg-4-CVE-2024-7055.patch:

Backporting 3faadbe2 from upstream, Use 64bit for input size check,
Fixes: out of array read, Fixes: poc3.
(CVE-2024-7055, bsc#1229026)
This commit is contained in:
Cliff Zhao 2024-09-14 19:42:15 +08:00
parent 9e43e5445b
commit 79e46abe56
3 changed files with 41 additions and 3 deletions

View File

@ -0,0 +1,29 @@
From 3faadbe2a27e74ff5bb5f7904ec27bb1f5287dc8 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Thu, 18 Jul 2024 21:12:54 +0200
Subject: [PATCH] avcodec/pnmdec: Use 64bit for input size check
References: CVE-2024-7055
References: bsc#1229026
Upstream: Backport from upstream
Fixes: out of array read
Fixes: poc3
Reported-by: VulDB CNA Team
Found-by: CookedMelon
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/pnmdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- ffmpeg-4.4.4/libavcodec/pnmdec.c
+++ ffmpeg-4.4.4_new/libavcodec/pnmdec.c
@@ -256,7 +256,7 @@
}
break;
case AV_PIX_FMT_GBRPF32:
- if (avctx->width * avctx->height * 12 > s->bytestream_end - s->bytestream)
+ if (avctx->width * avctx->height * 12LL > s->bytestream_end - s->bytestream)
return AVERROR_INVALIDDATA;
scale = 1.f / s->scale;
if (s->endian) {

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Fri Sep 6 15:06:21 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-4-CVE-2024-7055.patch:
Backporting 3faadbe2 from upstream, Use 64bit for input size check,
Fixes: out of array read, Fixes: poc3.
(CVE-2024-7055, bsc#1229026)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Aug 28 10:42:38 UTC 2024 - Jan Engelhardt <jengelh@inai.de> Wed Aug 28 10:42:38 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
@ -22,7 +30,7 @@ Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-CVE-2023-50010.patch: - Add ffmpeg-CVE-2023-50010.patch:
Backporting e4d2666b from upstream, fixes the out of array access. Backporting e4d2666b from upstream, fixes the out of array access.
(CVE-2023-50010 bsc#1223256) (CVE-2023-a50010, bsc#1223256)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de> Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
@ -35,7 +43,7 @@ Thu Apr 23 16:14:18 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-CVE-2023-51793.patch: - Add ffmpeg-CVE-2023-51793.patch:
Backporting 0ecc1f0e from upstream, Fix odd height handling. Backporting 0ecc1f0e from upstream, Fix odd height handling.
(CVE-2023-51793 bsc#1223272) (CVE-2023-51793, bsc#1223272)
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com> Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
@ -43,7 +51,7 @@ Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-CVE-2023-49502.patch: - Add ffmpeg-CVE-2023-49502.patch:
Backporting 737ede40 from upstream, account for chroma sub-sampling Backporting 737ede40 from upstream, account for chroma sub-sampling
in min size calculation. in min size calculation.
(CVE-2023-49502 bsc#1223235) (CVE-2023-49502, bsc#1223235)
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Apr 23 14:25:53 UTC 2024 - Jan Engelhardt <jengelh@inai.de> Tue Apr 23 14:25:53 UTC 2024 - Jan Engelhardt <jengelh@inai.de>

View File

@ -134,6 +134,7 @@ Patch20: ffmpeg-CVE-2023-50010.patch
Patch21: ffmpeg-4-CVE-2024-32230.patch Patch21: ffmpeg-4-CVE-2024-32230.patch
Patch22: ffmpeg-c99.patch Patch22: ffmpeg-c99.patch
Patch23: 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch Patch23: 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
Patch24: ffmpeg-4-CVE-2024-7055.patch
BuildRequires: ladspa-devel BuildRequires: ladspa-devel
BuildRequires: libgsm-devel BuildRequires: libgsm-devel
BuildRequires: libmp3lame-devel BuildRequires: libmp3lame-devel