git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
ffmpeg: fix multiple CVEs
author Archana Polampalli <archana.polampalli@windriver.com>
Fri, 5 Sep 2025 05:40:44 +0000 (11:10 +0530)
committer Steve Sakoman <steve@sakoman.com>
Fri, 5 Sep 2025 13:39:28 +0000 (06:39 -0700)
commit aa68992ddc5744bb4fdbb3a3cd0636b303449be2
tree 30a66a5e6a7fb13e3ae48e65206f375a91478500
parent a8344e051e4c705df69f4787726a9eca5c780eff

CVE-2023-6605:
A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET
requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.

CVE-2023-6604:
A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load
and storage consumption, potentially leading to degraded performance or denial of service
via the demuxing of arbitrary data as XBIN-formatted data without proper format validation.

CVE-2023-6602:
A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration
via improper parsing of non-TTY-compliant input files in HLS playlists.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-6602-CVE-2023-6604-CVE-2023-6605-0001.patch [new file with mode: 0644]
meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-6602-CVE-2023-6604-CVE-2023-6605-0002.patch [new file with mode: 0644]
meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-6602-CVE-2023-6604-CVE-2023-6605-0003.patch [new file with mode: 0644]
meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb