ffmpeg: fix CVE-2023-49501

Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component. (From OE-Core rev: 873025145d42ffe75d421884160ec299d85d21ef) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Archana Polampalli <archana.polampalli@windriver.com> 2024-12-06 13:11:44 +0000
committer: Steve Sakoman <steve@sakoman.com> 2024-12-13 05:21:53 -0800
commit: 2f5de1668ce189dcb31999045a2e6ca5ac584912 (patch)
tree: 2f64f44bb4ad1d59be237e6b6332ef58cc5456de /meta/recipes-multimedia/ffmpeg
parent: f636d6eed72091fc2672f78eb0f5bf319b3d390f (diff)
download: poky-2f5de1668ce189dcb31999045a2e6ca5ac584912.tar.gz
2 files changed, 31 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch
new file mode 100644
index 0000000000..80d542952a
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch
@@ -0,0 +1,30 @@
+From 4adb93dff05dd947878c67784d98c9a4e13b57a7 Mon Sep 17 00:00:00 2001
+From: Paul B Mahol <onemda@gmail.com>
+Date: Thu, 23 Nov 2023 14:58:35 +0100
+Subject: [PATCH] avfilter/asrc_afirsrc: fix by one smaller allocation of
+ buffer
+CVE: CVE-2023-49501
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/4adb93dff05dd947878c67784d98c9a4e13b57a7]
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/asrc_afirsrc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/libavfilter/asrc_afirsrc.c b/libavfilter/asrc_afirsrc.c
+index e2359c1..ea04c35 100644
+--- a/libavfilter/asrc_afirsrc.c
+++ b/libavfilter/asrc_afirsrc.c
+@@ -480,7 +480,7 @@ static av_cold int config_eq_output(AVFilterLink *outlink)
+         if (ret < 0)
+             return ret;
+-        s->magnitude = av_calloc(s->nb_magnitude, sizeof(*s->magnitude));
+        s->magnitude = av_calloc(s->nb_magnitude + 1, sizeof(*s->magnitude));
+         if (!s->magnitude)
+             return AVERROR(ENOMEM);
+         memcpy(s->magnitude, eq_presets[s->preset].gains, sizeof(*s->magnitude) * s->nb_magnitude);
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
index 84bba3b7b6..47be4d3e71 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
@@ -32,6 +32,7 @@ SRC_URI = " \
    file://CVE-2024-31582.patch \
    file://CVE-2023-50008.patch \
    file://CVE-2024-32230.patch \
+    file://CVE-2023-49501.patch \
 "
 SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"
author	Archana Polampalli <archana.polampalli@windriver.com>	2024-12-06 13:11:44 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-12-13 05:21:53 -0800
commit	2f5de1668ce189dcb31999045a2e6ca5ac584912 (patch)
tree	2f64f44bb4ad1d59be237e6b6332ef58cc5456de /meta/recipes-multimedia/ffmpeg
parent	f636d6eed72091fc2672f78eb0f5bf319b3d390f (diff)
download	poky-2f5de1668ce189dcb31999045a2e6ca5ac584912.tar.gz

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch new file mode 100644 index 0000000000..80d542952a --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch
@@ -0,0 +1,30 @@
		1	From 4adb93dff05dd947878c67784d98c9a4e13b57a7 Mon Sep 17 00:00:00 2001
		2	From: Paul B Mahol <onemda@gmail.com>
		3	Date: Thu, 23 Nov 2023 14:58:35 +0100
		4	Subject: [PATCH] avfilter/asrc_afirsrc: fix by one smaller allocation of
		5	buffer
		6
		7	CVE: CVE-2023-49501
		8
		9	Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/4adb93dff05dd947878c67784d98c9a4e13b57a7]
		10
		11	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
		12	---
		13	libavfilter/asrc_afirsrc.c \| 2 +-
		14	1 file changed, 1 insertion(+), 1 deletion(-)
		15
		16	diff --git a/libavfilter/asrc_afirsrc.c b/libavfilter/asrc_afirsrc.c
		17	index e2359c1..ea04c35 100644
		18	--- a/libavfilter/asrc_afirsrc.c
		19	+++ b/libavfilter/asrc_afirsrc.c
		20	@@ -480,7 +480,7 @@ static av_cold int config_eq_output(AVFilterLink *outlink)
		21	if (ret < 0)
		22	return ret;
		23
		24	- s->magnitude = av_calloc(s->nb_magnitude, sizeof(*s->magnitude));
		25	+ s->magnitude = av_calloc(s->nb_magnitude + 1, sizeof(*s->magnitude));
		26	if (!s->magnitude)
		27	return AVERROR(ENOMEM);
		28	memcpy(s->magnitude, eq_presets[s->preset].gains, sizeof(s->magnitude) s->nb_magnitude);
		29	--
		30	2.40.0


diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb index 84bba3b7b6..47be4d3e71 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
@@ -32,6 +32,7 @@ SRC_URI = " \
32	file://CVE-2024-31582.patch \	32	file://CVE-2024-31582.patch \
33	file://CVE-2023-50008.patch \	33	file://CVE-2023-50008.patch \
34	file://CVE-2024-32230.patch \	34	file://CVE-2024-32230.patch \
		35	file://CVE-2023-49501.patch \
35	"	36	"
36		37
37	SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"	38	SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"