forked from jengelh/ffmpeg-5
Add ffmpeg-4-CVE-2024-7055.patch:
Backporting 3faadbe2 from upstream, Use 64bit for input size check, Fixes: out of array read, Fixes: poc3. (CVE-2024-7055, bsc#1229026)
This commit is contained in:
parent
f7cbde4c45
commit
32ade1364a
29
ffmpeg-5-CVE-2024-7055.patch
Normal file
29
ffmpeg-5-CVE-2024-7055.patch
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
From 3faadbe2a27e74ff5bb5f7904ec27bb1f5287dc8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michael Niedermayer <michael@niedermayer.cc>
|
||||||
|
Date: Thu, 18 Jul 2024 21:12:54 +0200
|
||||||
|
Subject: [PATCH] avcodec/pnmdec: Use 64bit for input size check
|
||||||
|
References: CVE-2024-7055
|
||||||
|
References: bsc#1229026
|
||||||
|
Upstream: Backport from upstream
|
||||||
|
|
||||||
|
Fixes: out of array read
|
||||||
|
Fixes: poc3
|
||||||
|
|
||||||
|
Reported-by: VulDB CNA Team
|
||||||
|
Found-by: CookedMelon
|
||||||
|
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
||||||
|
---
|
||||||
|
libavcodec/pnmdec.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
--- ffmpeg-5.1.4/libavcodec/pnmdec.c
|
||||||
|
+++ ffmpeg-5.1.4_new/libavcodec/pnmdec.c
|
||||||
|
@@ -260,7 +260,7 @@
|
||||||
|
break;
|
||||||
|
case AV_PIX_FMT_GBRPF32:
|
||||||
|
if (!s->half) {
|
||||||
|
- if (avctx->width * avctx->height * 12 > s->bytestream_end - s->bytestream)
|
||||||
|
+ if (avctx->width * avctx->height * 12LL > s->bytestream_end - s->bytestream)
|
||||||
|
return AVERROR_INVALIDDATA;
|
||||||
|
scale = 1.f / s->scale;
|
||||||
|
if (s->endian) {
|
Binary file not shown.
@ -1,3 +1,11 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Sep 6 15:06:21 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||||
|
|
||||||
|
- Add ffmpeg-5-CVE-2024-7055.patch:
|
||||||
|
Backporting 3faadbe2 from upstream, Use 64bit for input size check,
|
||||||
|
Fixes: out of array read, Fixes: poc3.
|
||||||
|
(CVE-2024-7055, bsc#1229026)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sun Sep 1 18:04:27 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
Sun Sep 1 18:04:27 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
@ -48,7 +56,7 @@ Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
|||||||
|
|
||||||
- Add ffmpeg-CVE-2023-50010.patch:
|
- Add ffmpeg-CVE-2023-50010.patch:
|
||||||
Backporting e4d2666b from upstream, fixes the out of array access.
|
Backporting e4d2666b from upstream, fixes the out of array access.
|
||||||
(CVE-2023-50010 bsc#1223256)
|
(CVE-2023-50010, bsc#1223256)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
||||||
@ -62,7 +70,7 @@ Tue Apr 26 12:18:26 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
|||||||
- Add ffmpeg-CVE-2023-50009.patch:
|
- Add ffmpeg-CVE-2023-50009.patch:
|
||||||
Backporting c443658d from upstream, Fix small inputs with
|
Backporting c443658d from upstream, Fix small inputs with
|
||||||
gaussian_blur().
|
gaussian_blur().
|
||||||
(CVE-2023-50009 bsc#1223255)
|
(CVE-2023-50009, bsc#1223255)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Apr 24 10:48:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
Tue Apr 24 10:48:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||||
@ -70,14 +78,14 @@ Tue Apr 24 10:48:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
|||||||
- Add ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch:
|
- Add ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch:
|
||||||
Backporting cf1f5744 from upstream, Templatify function
|
Backporting cf1f5744 from upstream, Templatify function
|
||||||
ff_gaussian_blur and ff_sobel to prepare fix support for CVE-2023-50009.
|
ff_gaussian_blur and ff_sobel to prepare fix support for CVE-2023-50009.
|
||||||
(CVE-2023-50009 bsc#1223255)
|
(CVE-2023-50009, bsc#1223255)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Apr 23 16:14:18 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
Thu Apr 23 16:14:18 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||||
|
|
||||||
- Add ffmpeg-CVE-2023-51793.patch:
|
- Add ffmpeg-CVE-2023-51793.patch:
|
||||||
Backporting 0ecc1f0e from upstream, Fix odd height handling.
|
Backporting 0ecc1f0e from upstream, Fix odd height handling.
|
||||||
(CVE-2023-51793 bsc#1223272)
|
(CVE-2023-51793, bsc#1223272)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||||
@ -85,21 +93,21 @@ Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
|||||||
- Add ffmpeg-CVE-2023-49502.patch:
|
- Add ffmpeg-CVE-2023-49502.patch:
|
||||||
Backporting 737ede40 from upstream, account for chroma sub-sampling
|
Backporting 737ede40 from upstream, account for chroma sub-sampling
|
||||||
in min size calculation.
|
in min size calculation.
|
||||||
(CVE-2023-49502 bsc#1223235)
|
(CVE-2023-49502, bsc#1223235)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Apr 23 14:05:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
Thu Apr 23 14:05:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||||
|
|
||||||
- Add ffmpeg-CVE-2023-50008.patch:
|
- Add ffmpeg-CVE-2023-50008.patch:
|
||||||
Backporting 5f87a68c from upstream, Fix memory leaks.
|
Backporting 5f87a68c from upstream, Fix memory leaks.
|
||||||
(CVE-2023-50008 bsc#1223254)
|
(CVE-2023-50008, bsc#1223254)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Apr 23 12:22:53 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
Thu Apr 23 12:22:53 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||||
|
|
||||||
- Add ffmpeg-CVE-2023-50007.patch:
|
- Add ffmpeg-CVE-2023-50007.patch:
|
||||||
Backporting b1942734 from upstream, Fix crash with EOF handling.
|
Backporting b1942734 from upstream, Fix crash with EOF handling.
|
||||||
(CVE-2023-50007 bsc#1223253)
|
(CVE-2023-50007, bsc#1223253)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Apr 22 23:10:31 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
Mon Apr 22 23:10:31 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
@ -127,6 +127,7 @@ Patch99: ffmpeg-CVE-2023-50009.patch
|
|||||||
Patch100: ffmpeg-CVE-2023-50010.patch
|
Patch100: ffmpeg-CVE-2023-50010.patch
|
||||||
Patch102: ffmpeg-5-CVE-2024-32230.patch
|
Patch102: ffmpeg-5-CVE-2024-32230.patch
|
||||||
Patch103: ffmpeg-5-CVE-2024-7272.patch
|
Patch103: ffmpeg-5-CVE-2024-7272.patch
|
||||||
|
Patch104: ffmpeg-5-CVE-2024-7055.patch
|
||||||
#
|
#
|
||||||
# preamble is present twice, watch out
|
# preamble is present twice, watch out
|
||||||
#
|
#
|
||||||
|
Binary file not shown.
Loading…
Reference in New Issue
Block a user