git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
ffmpeg: fix for CVE-2022-3965
author Narpat Mali <narpat.mali@windriver.com>
Wed, 23 Nov 2022 14:21:38 +0000 (14:21 +0000)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Sun, 27 Nov 2022 23:50:01 +0000 (23:50 +0000)
commit b88c96fe8964614978aa25a65dd34fc3c05c664c
tree 29ed0e429285088b17dc7147a5a25a024d26ac0b
parent 4595f85e7ce867d68ca9d6a6e3ad2544565be3cc

A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function
smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The
manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely.
The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to
fix this issue. The identifier of this vulnerability is VDB-213544.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-3965

Upstream Fix:
https://github.com/FFmpeg/FFmpeg/commit/13c13109759090b7f7182480d075e13b36ed8edd

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch [new file with mode: 0644]
meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb