ffmpeg: fix CVE-2024-35366 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Archana Polampalli <archana.polampalli@windriver.com>	2024-12-13 10:11:21 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-12-23 05:46:32 -0800
commit	93dc7300c09d2cf340d03d9bbb833f9bf8b28de9 (patch)
tree	2c273b01a27fc52216e9fead480d7a08bd571e3d /documentation/set_versions.py
parent	8f8989071a41ea73e9c2977445f45d541b7a198f (diff)
download	poky-93dc7300c09d2cf340d03d9bbb833f9bf8b28de9.tar.gz

ffmpeg: fix CVE-2024-35366

FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking. (From OE-Core rev: a07bc254011736c0f0445607c56609be677ea8a7) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'documentation/set_versions.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: