ffmpeg: fix for CVE-2022-3964 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Narpat Mali <narpat.mali@windriver.com>	2022-11-23 14:20:22 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-12-07 15:02:50 +0000
commit	00a6b3fc5fb02a6bbf1d3d8bb0735dd9db862865 (patch)
tree	8fd4334255dc4ff5c8087e9b8a706d5c27973b4d /scripts/lib/scriptpath.py
parent	bbc86eab1335541a2e0fd898fd72664948483d9a (diff)
download	poky-00a6b3fc5fb02a6bbf1d3d8bb0735dd9db862865.tar.gz

ffmpeg: fix for CVE-2022-3964

A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-3964 Upstream Fix: https://github.com/FFmpeg/FFmpeg/commit/92f9b28ed84a77138105475beba16c146bdaf984 (From OE-Core rev: 4d2eec66fb3979b9676466258a1af5321a68b237) Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 4595f85e7ce867d68ca9d6a6e3ad2544565be3cc) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/scriptpath.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: