summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorArchana Polampalli <archana.polampalli@windriver.com>2025-02-21 06:03:06 +0000
committerSteve Sakoman <steve@sakoman.com>2025-02-28 06:51:35 -0800
commit89037ea1187de8dbecb1804dab28620570b5ff1b (patch)
tree88d05ed3692143603016961edef1d51be2baa052 /meta
parent7b6ce37e5d76242732bc8f5ab01a932a7c97daa8 (diff)
downloadpoky-89037ea1187de8dbecb1804dab28620570b5ff1b.tar.gz
ffmpeg: fix CVE-2024-35369
In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process. (From OE-Core rev: 3efef582892a5a9286041837098b80aa59d1b688) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35369.patch38
-rw-r--r--meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb1
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35369.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35369.patch
new file mode 100644
index 0000000000..b408ee2edc
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35369.patch
@@ -0,0 +1,38 @@
1From 0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c Mon Sep 17 00:00:00 2001
2From: James Almer <jamrial@gmail.com>
3Date: Sat, 17 Feb 2024 09:45:57 -0300
4Subject: [PATCH] avcodec/speexdec: further check for sane frame_size
5 values
6
7Prevent potential integer overflows.
8
9Signed-off-by: James Almer <jamrial@gmail.com>
10
11CVE: CVE-2024-35369
12
13Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c]
14
15Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
16---
17 libavcodec/speexdec.c | 5 +++--
18 1 file changed, 3 insertions(+), 2 deletions(-)
19
20diff --git a/libavcodec/speexdec.c b/libavcodec/speexdec.c
21index 5b016df..f1f739a 100644
22--- a/libavcodec/speexdec.c
23+++ b/libavcodec/speexdec.c
24@@ -1419,9 +1419,10 @@ static int parse_speex_extradata(AVCodecContext *avctx,
25 return AVERROR_INVALIDDATA;
26 s->bitrate = bytestream_get_le32(&buf);
27 s->frame_size = bytestream_get_le32(&buf);
28- if (s->frame_size < NB_FRAME_SIZE << (s->mode > 0))
29+ if (s->frame_size < NB_FRAME_SIZE << (s->mode > 0) ||
30+ s->frame_size > INT32_MAX >> (s->mode > 0))
31 return AVERROR_INVALIDDATA;
32- s->frame_size *= 1 + (s->mode > 0);
33+ s->frame_size <<= (s->mode > 0);
34 s->vbr = bytestream_get_le32(&buf);
35 s->frames_per_packet = bytestream_get_le32(&buf);
36 if (s->frames_per_packet <= 0 ||
37--
382.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 2048e51962..2173105fd3 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -49,6 +49,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
49 file://CVE-2024-36617.patch \ 49 file://CVE-2024-36617.patch \
50 file://CVE-2024-36618.patch \ 50 file://CVE-2024-36618.patch \
51 file://CVE-2024-28661.patch \ 51 file://CVE-2024-28661.patch \
52 file://CVE-2024-35369.patch \
52 " 53 "
53 54
54SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b" 55SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"