]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a5e0e1f) | patch
ffmpeg: fix CVE-2024-7055
authorArchana Polampalli <archana.polampalli@windriver.com>
Fri, 6 Dec 2024 13:11:48 +0000 (13:11 +0000)
committerSteve Sakoman <steve@sakoman.com>
Fri, 6 Dec 2024 17:03:25 +0000 (09:03 -0800)
commit71a9c2d01ad8ed83f9da6e6b9541fcf1d9baed48
tree0460fb82e5eb2298e0c50fc451e4a426a976608ctree | snapshot
parenta5e0e1f8be3c6611c09158c80e26848ae3d4f4e7commit | diff
ffmpeg: fix CVE-2024-7055

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical.
This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c.
The manipulation leads to heap-based buffer overflow. It is possible to initiate
the attack remotely. The exploit has been disclosed to the public and may be used.
Upgrading to version 7.0.2 is able to address this issue. It is recommended to
upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch [new file with mode: 0644] blob
meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core