From: Colin Pinnell McAllister <colin.mcallister@garmin.com>
Date: Tue, 24 Jun 2025 20:03:03 +0000 (-0500)
Subject: ffmpeg: fix CVE-2022-48434
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a8c6e2da68c9fc6c692b41c7370ec937680f788c;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

ffmpeg: fix CVE-2022-48434

The patch for CVE-2022-48434 was removed when ffmpeg was updated to
5.0.3. The CVE was fixed in 5.0.2, but NVD has not updated the affected
versions yet. Added an ignore for this CVE to mark as fixed.

Signed-off-by: Colin Pinnell McAllister <colin.mcallister@garmin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
index dcdb65d2eb..57bd4c5442 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
@@ -86,6 +86,10 @@ CVE_CHECK_IGNORE += "CVE-2024-7272"
 # bugfix: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/43be8d07281caca2e88bfd8ee2333633e1fb1a13
 CVE_CHECK_IGNORE += "CVE-2025-1373"
 
+# This vulnerability was fixed in 5.0.2
+# bugfix: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3bc28e9d1ab33627cea3c632dd6b0c33e22e93ba
+CVE_CHECK_IGNORE += "CVE-2022-48434"
+
 # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
 ARM_INSTRUCTION_SET:armv4 = "arm"
 ARM_INSTRUCTION_SET:armv5 = "arm"