首页 发现 帮助
登录
crispAudio
/
poky
镜像自地址 git://git.yoctoproject.org/poky
5
0
派生 0
文件 工单管理 0 Wiki
浏览代码

ffmpeg: fix CVE-2025-0518

Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows
Read Sensitive Constants Within an Executable. This vulnerability is associated
with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C
This issue affects FFmpeg: 7.1.
Issue was fixed:  https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
This issue was discovered by: Simcha Kosma

(From OE-Core rev: 75ad6e004de95ff6208820ccf2c0af01d9363749)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Archana Polampalli 2 月之前
父节点
6dfa4d7a28
当前提交
a7888d9d2f
共有 2 个文件被更改,包括 35 次插入0 次删除
分列视图 显示文件统计
  1. 34 0
      meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch
  2. 1 0
      meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb

+ 34 - 0
meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch
查看文件 

@@ -0,0 +1,34 @@
 
+From b5b6391d64807578ab872dc58fb8aa621dcfc38a Mon Sep 17 00:00:00 2001
 
+From: Michael Niedermayer <michael@niedermayer.cc>
 
+Date: Mon, 6 Jan 2025 22:01:39 +0100
 
+Subject: [PATCH] avfilter/af_pan: Fix sscanf() use
 
+
 
+Fixes: Memory Data Leak
 
+
 
+Found-by: Simcha Kosman <simcha.kosman@cyberark.com>
 
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 
+
 
+CVE: CVE-2025-0518
 
+
 
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a]
 
+
 
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
 
+---
 
+ libavfilter/af_pan.c | 2 +-
 
+ 1 file changed, 1 insertion(+), 1 deletion(-)
 
+
 
+diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c
 
+index cfed9f1..ffcd214 100644
 
+--- a/libavfilter/af_pan.c
 
++++ b/libavfilter/af_pan.c
 
+@@ -165,7 +165,7 @@ static av_cold int init(AVFilterContext *ctx)
 
+         sign = 1;
 
+         while (1) {
 
+             gain = 1;
 
+-            if (sscanf(arg, "%lf%n *%n", &gain, &len, &len))
 
++            if (sscanf(arg, "%lf%n *%n", &gain, &len, &len) >= 1)
 
+                 arg += len;
 
+             if (parse_channel_name(&arg, &in_ch_id, &named)){
 
+                 av_log(ctx, AV_LOG_ERROR,
 
+--
 
+2.40.0

+ 1 - 0
meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
查看文件 

@@ -50,6 +50,7 @@ SRC_URI = " \
 
     file://CVE-2025-25473.patch \
 
     file://CVE-2025-25471.patch \
 
     file://CVE-2025-22921.patch \
 
+    file://CVE-2025-0518.patch \
 
 "
 
 
 SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"