jengelh/ffmpeg-4
SHA256
1
0
Fork 2
forked from pool/ffmpeg-4
Code Pull Requests 1 Activity

Accepting request 1172481 from multimedia:libs

Browse Source 
- Add ffmpeg-CVE-2023-50010.patch:

OBS-URL: https://build.opensuse.org/request/show/1172481
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ffmpeg-4?expand=0&rev=67
This commit is contained in:
Dominique Leuenberger 2024-05-09 10:07:27 +00:00 committed by Git OBS Bridge
commit 90ca7e24a6
3 changed files with 38 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ffmpeg-4.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-CVE-2023-50010.patch:
Backporting e4d2666b from upstream, fixes the out of array access.
(CVE-2023-50010 bsc#1223256)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de> Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de>

1
ffmpeg-4.spec
View File

@ -130,6 +130,7 @@ Patch16: 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
Patch17: ffmpeg-CVE-2023-49502.patch Patch17: ffmpeg-CVE-2023-49502.patch
Patch18: ffmpeg-CVE-2023-51793.patch Patch18: ffmpeg-CVE-2023-51793.patch
Patch19: 0001-avfilter-af_stereowiden-Check-length.patch Patch19: 0001-avfilter-af_stereowiden-Check-length.patch
Patch20: ffmpeg-CVE-2023-50010.patch
BuildRequires: ladspa-devel BuildRequires: ladspa-devel
BuildRequires: libgsm-devel BuildRequires: libgsm-devel
BuildRequires: libmp3lame-devel BuildRequires: libmp3lame-devel

30
ffmpeg-CVE-2023-50010.patch Normal file
View File

@ -0,0 +1,30 @@
commit e4d2666bdc3dbd177a81bbf428654a5f2fa3787a (20231224_CVE-2023-50010_e4d2666bdc3dbd177a81bbf428654a5f2fa3787a)
Author: Michael Niedermayer <michael@niedermayer.cc>
Date: Sun Dec 24 20:50:51 2023 +0100
References: CVE-2023-50010
References: https://bugzilla.opensuse.org/1172424
avfilter/vf_gradfun: Do not overread last line
The code works in steps of 2 lines and lacks support for odd height
Implementing odd height support is better but for now this fixes the
out of array access
Fixes: out of array access
Fixes: tickets/10702/poc6ffmpe
Found-by: Zeng Yunxiang
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
diff -Nura ffmpeg-4.4.4/libavfilter/vf_gradfun.c ffmpeg-4.4.4_new/libavfilter/vf_gradfun.c
--- ffmpeg-4.4.4/libavfilter/vf_gradfun.c 2023-04-13 02:01:50.000000000 +0800
+++ ffmpeg-4.4.4_new/libavfilter/vf_gradfun.c 2024-05-07 19:32:05.287848683 +0800
@@ -93,7 +93,7 @@
for (y = 0; y < r; y++)
ctx->blur_line(dc, buf + y * bstride, buf + (y - 1) * bstride, src + 2 * y * src_linesize, src_linesize, width / 2);
for (;;) {
- if (y < height - r) {
+ if (y + 1 < height - r) {
int mod = ((y + r) / 2) % r;
uint16_t *buf0 = buf + mod * bstride;
uint16_t *buf1 = buf + (mod ? mod - 1 : r - 1) * bstride;