diff options
| author | Archana Polampalli <archana.polampalli@windriver.com> | 2025-03-05 16:14:43 +0000 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-03-08 06:22:57 -0800 |
| commit | a7888d9d2f2f0f77426370175d234f9cd54420d7 (patch) | |
| tree | a9648494eecd085eceaf841a936c215066d71e5f | |
| parent | 6dfa4d7a28a7d790b2722756858b7a7510493a88 (diff) | |
| download | poky-a7888d9d2f2f0f77426370175d234f9cd54420d7.tar.gz | |
ffmpeg: fix CVE-2025-0518
Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows
Read Sensitive Constants Within an Executable. This vulnerability is associated
with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C
This issue affects FFmpeg: 7.1.
Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
This issue was discovered by: Simcha Kosma
(From OE-Core rev: 75ad6e004de95ff6208820ccf2c0af01d9363749)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch | 34 | ||||
| -rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb | 1 |
2 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch new file mode 100644 index 0000000000..d3e02bebe6 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch | |||
| @@ -0,0 +1,34 @@ | |||
| 1 | From b5b6391d64807578ab872dc58fb8aa621dcfc38a Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Michael Niedermayer <michael@niedermayer.cc> | ||
| 3 | Date: Mon, 6 Jan 2025 22:01:39 +0100 | ||
| 4 | Subject: [PATCH] avfilter/af_pan: Fix sscanf() use | ||
| 5 | |||
| 6 | Fixes: Memory Data Leak | ||
| 7 | |||
| 8 | Found-by: Simcha Kosman <simcha.kosman@cyberark.com> | ||
| 9 | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | ||
| 10 | |||
| 11 | CVE: CVE-2025-0518 | ||
| 12 | |||
| 13 | Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a] | ||
| 14 | |||
| 15 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
| 16 | --- | ||
| 17 | libavfilter/af_pan.c | 2 +- | ||
| 18 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 19 | |||
| 20 | diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c | ||
| 21 | index cfed9f1..ffcd214 100644 | ||
| 22 | --- a/libavfilter/af_pan.c | ||
| 23 | +++ b/libavfilter/af_pan.c | ||
| 24 | @@ -165,7 +165,7 @@ static av_cold int init(AVFilterContext *ctx) | ||
| 25 | sign = 1; | ||
| 26 | while (1) { | ||
| 27 | gain = 1; | ||
| 28 | - if (sscanf(arg, "%lf%n *%n", &gain, &len, &len)) | ||
| 29 | + if (sscanf(arg, "%lf%n *%n", &gain, &len, &len) >= 1) | ||
| 30 | arg += len; | ||
| 31 | if (parse_channel_name(&arg, &in_ch_id, &named)){ | ||
| 32 | av_log(ctx, AV_LOG_ERROR, | ||
| 33 | -- | ||
| 34 | 2.40.0 | ||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb index bd1259d392..06ca65a480 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb | |||
| @@ -50,6 +50,7 @@ SRC_URI = " \ | |||
| 50 | file://CVE-2025-25473.patch \ | 50 | file://CVE-2025-25473.patch \ |
| 51 | file://CVE-2025-25471.patch \ | 51 | file://CVE-2025-25471.patch \ |
| 52 | file://CVE-2025-22921.patch \ | 52 | file://CVE-2025-22921.patch \ |
| 53 | file://CVE-2025-0518.patch \ | ||
| 53 | " | 54 | " |
| 54 | 55 | ||
| 55 | SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968" | 56 | SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968" |