ffmpeg: fix for CVE-2022-3965 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Narpat Mali <narpat.mali@windriver.com>	2022-11-23 14:27:45 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-12-01 19:35:04 +0000
commit	b712955b3b05da7c7a964b8eaf626db788e06387 (patch)
tree	f9155264e5abfe369fab6f3db7c7cc81741ed4d5 /meta/recipes-devtools/python/python3/CVE-2022-42919.patch
parent	fbb6e1401395cbe3a5f67392a43157ed104f8b42 (diff)
download	poky-b712955b3b05da7c7a964b8eaf626db788e06387.tar.gz

ffmpeg: fix for CVE-2022-3965

A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-3965 Upstream Fix: https://github.com/FFmpeg/FFmpeg/commit/13c13109759090b7f7182480d075e13b36ed8edd (From OE-Core rev: c1f1ab29b5e2911a15b072e7feb0133320bad976) Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-devtools/python/python3/CVE-2022-42919.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: