From ccf5285d75e19c1ad8570c68d36eb71330624f5d1e35ded383dcb0c138854248 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 7 May 2024 14:55:08 +0000 Subject: [PATCH] add bugrefs and explanation OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-5?expand=0&rev=92 --- ffmpeg-CVE-2023-50009.patch | 18 +++++++------- ffmpeg-CVE-2023-50010.patch | 24 ++++++++++--------- ...ify-ff_gaussian_blur-and-ff-function.patch | 7 +++++- 3 files changed, 29 insertions(+), 20 deletions(-) diff --git a/ffmpeg-CVE-2023-50009.patch b/ffmpeg-CVE-2023-50009.patch index 9f0e7f0..c986f0c 100644 --- a/ffmpeg-CVE-2023-50009.patch +++ b/ffmpeg-CVE-2023-50009.patch @@ -1,15 +1,17 @@ commit c443658d26d2b8e19901f9507a890e0efca79056 (HEAD -> 20231222_CVE-2023-50009_c443658d26d2b8e19901f9507a890e0efca79056) Author: Michael Niedermayer Date: Fri Dec 22 11:54:24 2023 +0100 +References: CVE-2023-50009 +References: https://bugzilla.opensuse.org/1172423 - avfilter/edge_template: Fix small inputs with gaussian_blur() - - Fixes: out of array access - Fixes: Ticket10699 - Fixes: poc5ffmpeg - - Found-by: Zeng Yunxiang - Signed-off-by: Michael Niedermayer +avfilter/edge_template: Fix small inputs with gaussian_blur() + +Fixes: out of array access +Fixes: Ticket10699 +Fixes: poc5ffmpeg + +Found-by: Zeng Yunxiang +Signed-off-by: Michael Niedermayer diff --git a/libavfilter/edge_template.c b/libavfilter/edge_template.c index 14635c25af..ce45e579db 100644 diff --git a/ffmpeg-CVE-2023-50010.patch b/ffmpeg-CVE-2023-50010.patch index d5934fc..c3d064f 100644 --- a/ffmpeg-CVE-2023-50010.patch +++ b/ffmpeg-CVE-2023-50010.patch @@ -1,18 +1,20 @@ commit e4d2666bdc3dbd177a81bbf428654a5f2fa3787a (20231224_CVE-2023-50010_e4d2666bdc3dbd177a81bbf428654a5f2fa3787a) Author: Michael Niedermayer Date: Sun Dec 24 20:50:51 2023 +0100 +References: CVE-2023-50009 +References: https://bugzilla.opensuse.org/1172423 - avfilter/vf_gradfun: Do not overread last line - - The code works in steps of 2 lines and lacks support for odd height - Implementing odd height support is better but for now this fixes the - out of array access - - Fixes: out of array access - Fixes: tickets/10702/poc6ffmpe - - Found-by: Zeng Yunxiang - Signed-off-by: Michael Niedermayer +avfilter/vf_gradfun: Do not overread last line + +The code works in steps of 2 lines and lacks support for odd height +Implementing odd height support is better but for now this fixes the +out of array access + +Fixes: out of array access +Fixes: tickets/10702/poc6ffmpe + +Found-by: Zeng Yunxiang +Signed-off-by: Michael Niedermayer diff -Nura ffmpeg-5.1.4/libavfilter/vf_gradfun.c ffmpeg-5.1.4_new/libavfilter/vf_gradfun.c --- ffmpeg-5.1.4/libavfilter/vf_gradfun.c 2023-11-10 07:38:51.000000000 +0800 diff --git a/ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch b/ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch index 8abd0f3..a796a16 100644 --- a/ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch +++ b/ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch @@ -1,8 +1,13 @@ commit cf1f57443158bcbe84a213e8dc631a302993f9a2 Author: Thilo Borgmann Date: Mon Jul 18 16:09:46 2022 +0200 +References: CVE-2023-50009 +References: https://bugzilla.opensuse.org/1172423 - lavfi/edge_common: Templatify ff_gaussian_blur and ff_sobel +lavfi/edge_common: Templatify ff_gaussian_blur and ff_sobel + +[Backport cf1f5744 from upstream, Templatify function ff_gaussian_blur +and ff_sobel to prepare fix support for CVE-2023-50009. -qzhao] diff --git a/libavfilter/edge_common.c b/libavfilter/edge_common.c index d72e8521cd..ebd47d7c53 100644