ffmpeg: fix CVE-2025-1594

A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. (From OE-Core rev: 5a922eb95da7d373ee2bc3018065448fa128e69a) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Archana Polampalli <archana.polampalli@windriver.com> 2025-09-05 11:10:45 +0530
committer: Steve Sakoman <steve@sakoman.com> 2025-09-12 09:24:24 -0700
commit: 4f27d5ff829dbec6128cdb187ca76e621da13454 (patch)
tree: 482d0a119bd994bb89bb052c53ff25b571bf31f5 /meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
parent: e9b1bb75ffed3870c37aa83108f2dc5eb9f1894c (diff)
download: poky-4f27d5ff829dbec6128cdb187ca76e621da13454.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
index 27a9a80e8c..a46cb3480a 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
@@ -52,6 +52,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
           file://CVE-2023-6602-CVE-2023-6604-CVE-2023-6605-0001.patch \
           file://CVE-2023-6602-CVE-2023-6604-CVE-2023-6605-0002.patch \
           file://CVE-2023-6602-CVE-2023-6604-CVE-2023-6605-0003.patch \
+           file://CVE-2025-1594.patch \
          "
 SRC_URI[sha256sum] = "04c70c377de233a4b217c2fdf76b19aeb225a287daeb2348bccd978c47b1a1db"
author	Archana Polampalli <archana.polampalli@windriver.com>	2025-09-05 11:10:45 +0530
committer	Steve Sakoman <steve@sakoman.com>	2025-09-12 09:24:24 -0700
commit	4f27d5ff829dbec6128cdb187ca76e621da13454 (patch)
tree	482d0a119bd994bb89bb052c53ff25b571bf31f5 /meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
parent	e9b1bb75ffed3870c37aa83108f2dc5eb9f1894c (diff)
download	poky-4f27d5ff829dbec6128cdb187ca76e621da13454.tar.gz

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb index 27a9a80e8c..a46cb3480a 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
@@ -52,6 +52,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
52	file://CVE-2023-6602-CVE-2023-6604-CVE-2023-6605-0001.patch \	52	file://CVE-2023-6602-CVE-2023-6604-CVE-2023-6605-0001.patch \
53	file://CVE-2023-6602-CVE-2023-6604-CVE-2023-6605-0002.patch \	53	file://CVE-2023-6602-CVE-2023-6604-CVE-2023-6605-0002.patch \
54	file://CVE-2023-6602-CVE-2023-6604-CVE-2023-6605-0003.patch \	54	file://CVE-2023-6602-CVE-2023-6604-CVE-2023-6605-0003.patch \
		55	file://CVE-2025-1594.patch \
55	"	56	"
56		57
57	SRC_URI[sha256sum] = "04c70c377de233a4b217c2fdf76b19aeb225a287daeb2348bccd978c47b1a1db"	58	SRC_URI[sha256sum] = "04c70c377de233a4b217c2fdf76b19aeb225a287daeb2348bccd978c47b1a1db"