2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch
new file mode 100644
index 0000000000..afd857ceac
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch
@@ -0,0 +1,38 @@
+From 587acd0d4020859e67d1f07aeff2c885797ebcce Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Thu, 18 Jul 2024 21:12:54 +0200
+Subject: [PATCH] avcodec/pnmdec: Use 64bit for input size check
+Fixes: out of array read
+Fixes: poc3
+Reported-by: VulDB CNA Team
+Found-by: CookedMelon
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+(cherry picked from commit 3faadbe2a27e74ff5bb5f7904ec27bb1f5287dc8)
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+CVE: CVE-2024-7055
+Upstream-Status: Backport [https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=587acd0d4020859e67d1f07aeff2c885797ebcce]
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavcodec/pnmdec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/libavcodec/pnmdec.c b/libavcodec/pnmdec.c
+index acd77ea..40cc2ae 100644
+--- a/libavcodec/pnmdec.c
+++ b/libavcodec/pnmdec.c
+@@ -264,7 +264,7 @@ static int pnm_decode_frame(AVCodecContext *avctx, AVFrame *p,
+         break;
+     case AV_PIX_FMT_GBRPF32:
+         if (!s->half) {
+-            if (avctx->width * avctx->height * 12 > s->bytestream_end - s->bytestream)
+            if (avctx->width * avctx->height * 12LL > s->bytestream_end - s->bytestream)
+                 return AVERROR_INVALIDDATA;
+             scale = 1.f / s->scale;
+             if (s->endian) {
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
index a793817ec2..8f4a8d34c0 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
@@ -36,6 +36,7 @@ SRC_URI = " \
    file://CVE-2024-28661.patch \
    file://CVE-2023-50007.patch \
    file://CVE-2023-49528.patch \
+    file://CVE-2024-7055.patch \
 "
 SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch new file mode 100644 index 0000000000..afd857ceac --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch
@@ -0,0 +1,38 @@
		1	From 587acd0d4020859e67d1f07aeff2c885797ebcce Mon Sep 17 00:00:00 2001
		2	From: Michael Niedermayer <michael@niedermayer.cc>
		3	Date: Thu, 18 Jul 2024 21:12:54 +0200
		4	Subject: [PATCH] avcodec/pnmdec: Use 64bit for input size check
		5
		6	Fixes: out of array read
		7	Fixes: poc3
		8
		9	Reported-by: VulDB CNA Team
		10	Found-by: CookedMelon
		11	Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
		12	(cherry picked from commit 3faadbe2a27e74ff5bb5f7904ec27bb1f5287dc8)
		13	Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
		14
		15	CVE: CVE-2024-7055
		16
		17	Upstream-Status: Backport [https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=587acd0d4020859e67d1f07aeff2c885797ebcce]
		18
		19	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
		20	---
		21	libavcodec/pnmdec.c \| 2 +-
		22	1 file changed, 1 insertion(+), 1 deletion(-)
		23
		24	diff --git a/libavcodec/pnmdec.c b/libavcodec/pnmdec.c
		25	index acd77ea..40cc2ae 100644
		26	--- a/libavcodec/pnmdec.c
		27	+++ b/libavcodec/pnmdec.c
		28	@@ -264,7 +264,7 @@ static int pnm_decode_frame(AVCodecContext avctx, AVFrame p,
		29	break;
		30	case AV_PIX_FMT_GBRPF32:
		31	if (!s->half) {
		32	- if (avctx->width * avctx->height * 12 > s->bytestream_end - s->bytestream)
		33	+ if (avctx->width * avctx->height * 12LL > s->bytestream_end - s->bytestream)
		34	return AVERROR_INVALIDDATA;
		35	scale = 1.f / s->scale;
		36	if (s->endian) {
		37	--
		38	2.40.0


diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb index a793817ec2..8f4a8d34c0 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
@@ -36,6 +36,7 @@ SRC_URI = " \
36	file://CVE-2024-28661.patch \	36	file://CVE-2024-28661.patch \
37	file://CVE-2023-50007.patch \	37	file://CVE-2023-50007.patch \
38	file://CVE-2023-49528.patch \	38	file://CVE-2023-49528.patch \
		39	file://CVE-2024-7055.patch \
39	"	40	"
40		41
41	SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"	42	SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"