diff options
author | Narpat Mali <narpat.mali@windriver.com> | 2022-11-23 14:21:38 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-11-27 23:54:50 +0000 |
commit | c867f67bdb146b42cc2816314954096143124e49 (patch) | |
tree | 0bf777ab0d400d88620c651b0b2e097a856c0924 /meta/recipes-devtools/rsync | |
parent | 2a642aa2b1b96bd84e650a7c3ebade4d2d7c3863 (diff) | |
download | poky-c867f67bdb146b42cc2816314954096143124e49.tar.gz |
ffmpeg: fix for CVE-2022-3965
A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function
smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The
manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely.
The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to
fix this issue. The identifier of this vulnerability is VDB-213544.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-3965
Upstream Fix:
https://github.com/FFmpeg/FFmpeg/commit/13c13109759090b7f7182480d075e13b36ed8edd
(From OE-Core rev: b88c96fe8964614978aa25a65dd34fc3c05c664c)
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/rsync')
0 files changed, 0 insertions, 0 deletions