2 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch
new file mode 100644
index 0000000000..d7623a5b9d
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch
@@ -0,0 +1,34 @@
+From b5b6391d64807578ab872dc58fb8aa621dcfc38a Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Mon, 6 Jan 2025 22:01:39 +0100
+Subject: [PATCH 1/4] avfilter/af_pan: Fix sscanf() use
+Fixes: Memory Data Leak
+Found-by: Simcha Kosman <simcha.kosman@cyberark.com>
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+CVE: CVE-2025-0518
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a]
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/af_pan.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c
+index a8a1896..6f8d2a4 100644
+--- a/libavfilter/af_pan.c
+++ b/libavfilter/af_pan.c
+@@ -178,7 +178,7 @@ static av_cold int init(AVFilterContext *ctx)
+         sign = 1;
+         while (1) {
+             gain = 1;
+-            if (sscanf(arg, "%lf%n *%n", &gain, &len, &len))
+            if (sscanf(arg, "%lf%n *%n", &gain, &len, &len) >= 1)
+                 arg += len;
+             if (parse_channel_name(&arg, &in_ch_id, &named)){
+                 av_log(ctx, AV_LOG_ERROR,
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 9aecdf07e0..049d9fd9ec 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -43,6 +43,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
           file://CVE-2024-35366.patch \
           file://CVE-2024-35367.patch \
           file://CVE-2024-35368.patch \
+           file://CVE-2025-0518.patch \
          "
 SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch new file mode 100644 index 0000000000..d7623a5b9d --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch
@@ -0,0 +1,34 @@
		1	From b5b6391d64807578ab872dc58fb8aa621dcfc38a Mon Sep 17 00:00:00 2001
		2	From: Michael Niedermayer <michael@niedermayer.cc>
		3	Date: Mon, 6 Jan 2025 22:01:39 +0100
		4	Subject: [PATCH 1/4] avfilter/af_pan: Fix sscanf() use
		5
		6	Fixes: Memory Data Leak
		7
		8	Found-by: Simcha Kosman <simcha.kosman@cyberark.com>
		9	Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
		10
		11	CVE: CVE-2025-0518
		12
		13	Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a]
		14
		15	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
		16	---
		17	libavfilter/af_pan.c \| 2 +-
		18	1 file changed, 1 insertion(+), 1 deletion(-)
		19
		20	diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c
		21	index a8a1896..6f8d2a4 100644
		22	--- a/libavfilter/af_pan.c
		23	+++ b/libavfilter/af_pan.c
		24	@@ -178,7 +178,7 @@ static av_cold int init(AVFilterContext *ctx)
		25	sign = 1;
		26	while (1) {
		27	gain = 1;
		28	- if (sscanf(arg, "%lf%n *%n", &gain, &len, &len))
		29	+ if (sscanf(arg, "%lf%n *%n", &gain, &len, &len) >= 1)
		30	arg += len;
		31	if (parse_channel_name(&arg, &in_ch_id, &named)){
		32	av_log(ctx, AV_LOG_ERROR,
		33	--
		34	2.40.0


diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb index 9aecdf07e0..049d9fd9ec 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -43,6 +43,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
43	file://CVE-2024-35366.patch \	43	file://CVE-2024-35366.patch \
44	file://CVE-2024-35367.patch \	44	file://CVE-2024-35367.patch \
45	file://CVE-2024-35368.patch \	45	file://CVE-2024-35368.patch \
		46	file://CVE-2025-0518.patch \
46	"	47	"
47		48
48	SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"	49	SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"