ffmpeg: fix for CVE-2022-3964 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Narpat Mali <narpat.mali@windriver.com>	2022-11-23 14:27:04 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-12-01 19:35:04 +0000
commit	fbb6e1401395cbe3a5f67392a43157ed104f8b42 (patch)
tree	4c278fef4424531c35c4e141034e8f92a1b11ed2 /meta/recipes-devtools/python/python3/CVE-2022-42919.patch
parent	97a593210126ffc2c5ffe3961e17c9810a66742a (diff)
download	poky-fbb6e1401395cbe3a5f67392a43157ed104f8b42.tar.gz

ffmpeg: fix for CVE-2022-3964

A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-3964 Upstream Fix: https://github.com/FFmpeg/FFmpeg/commit/92f9b28ed84a77138105475beba16c146bdaf984 (From OE-Core rev: 40a1c9d3c839df6479582ac27264fac851a0d4c3) Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-devtools/python/python3/CVE-2022-42919.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: