summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35369.patch38
-rw-r--r--meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb1
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35369.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35369.patch
new file mode 100644
index 0000000000..b408ee2edc
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35369.patch
@@ -0,0 +1,38 @@
1From 0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c Mon Sep 17 00:00:00 2001
2From: James Almer <jamrial@gmail.com>
3Date: Sat, 17 Feb 2024 09:45:57 -0300
4Subject: [PATCH] avcodec/speexdec: further check for sane frame_size
5 values
6
7Prevent potential integer overflows.
8
9Signed-off-by: James Almer <jamrial@gmail.com>
10
11CVE: CVE-2024-35369
12
13Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c]
14
15Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
16---
17 libavcodec/speexdec.c | 5 +++--
18 1 file changed, 3 insertions(+), 2 deletions(-)
19
20diff --git a/libavcodec/speexdec.c b/libavcodec/speexdec.c
21index 5b016df..f1f739a 100644
22--- a/libavcodec/speexdec.c
23+++ b/libavcodec/speexdec.c
24@@ -1419,9 +1419,10 @@ static int parse_speex_extradata(AVCodecContext *avctx,
25 return AVERROR_INVALIDDATA;
26 s->bitrate = bytestream_get_le32(&buf);
27 s->frame_size = bytestream_get_le32(&buf);
28- if (s->frame_size < NB_FRAME_SIZE << (s->mode > 0))
29+ if (s->frame_size < NB_FRAME_SIZE << (s->mode > 0) ||
30+ s->frame_size > INT32_MAX >> (s->mode > 0))
31 return AVERROR_INVALIDDATA;
32- s->frame_size *= 1 + (s->mode > 0);
33+ s->frame_size <<= (s->mode > 0);
34 s->vbr = bytestream_get_le32(&buf);
35 s->frames_per_packet = bytestream_get_le32(&buf);
36 if (s->frames_per_packet <= 0 ||
37--
382.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 2048e51962..2173105fd3 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -49,6 +49,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
49 file://CVE-2024-36617.patch \ 49 file://CVE-2024-36617.patch \
50 file://CVE-2024-36618.patch \ 50 file://CVE-2024-36618.patch \
51 file://CVE-2024-28661.patch \ 51 file://CVE-2024-28661.patch \
52 file://CVE-2024-35369.patch \
52 " 53 "
53 54
54SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b" 55SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"