ffmpeg: fix CVE-2024-35366 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Archana Polampalli <archana.polampalli@windriver.com>	2025-01-03 07:11:36 +0000
committer	Steve Sakoman <steve@sakoman.com>	2025-01-09 08:41:04 -0800
commit	c17700b7845a899d40bcd7012c46d984f12e6fab (patch)
tree	27b470b99ba46ced3e48598c906bc376c7a1a63e /scripts/lib/devtool/sdk.py
parent	de796b196657ad42056b84e7723253619a6176b6 (diff)
download	poky-c17700b7845a899d40bcd7012c46d984f12e6fab.tar.gz

ffmpeg: fix CVE-2024-35366

FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking. (From OE-Core rev: 9acfc54b2707bf04922f153d06ae27ff552fbe23) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/sdk.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: