fix CVE-2024-7055

CVE-2024-7055.patch

@@ -0,0 +1,25 @@
+From d911cb96e55228619a29704dda26d2fddd6779f6 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Tue, 27 Aug 2024 10:14:04 +0800
+Subject: [PATCH] avcodec/pnmdec: Use 64bit for input size check
+
+---
+ libavcodec/pnmdec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavcodec/pnmdec.c b/libavcodec/pnmdec.c
+index acd77ea..40cc2ae 100644
+--- a/libavcodec/pnmdec.c
++++ b/libavcodec/pnmdec.c
+@@ -264,7 +264,7 @@ static int pnm_decode_frame(AVCodecContext *avctx, AVFrame *p,
+         break;
+     case AV_PIX_FMT_GBRPF32:
+         if (!s->half) {
+-            if (avctx->width * avctx->height * 12 > s->bytestream_end - s->bytestream)
++            if (avctx->width * avctx->height * 12LL > s->bytestream_end - s->bytestream)
+                 return AVERROR_INVALIDDATA;
+             scale = 1.f / s->scale;
+             if (s->endian) {
+-- 
+2.27.0
+

ffmpeg.spec

@@ -62,7 +62,7 @@
 Summary:        Digital VCR and streaming server
 Name:           ffmpeg%{?flavor}
 Version:        6.1.1
-Release:        12
+Release:        13
 License:        GPL-3.0-or-later
 URL:            http://ffmpeg.org/
 Source0:        http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz
@@ -76,6 +76,8 @@ Patch5:         fix_libsvgdec_compile_error.patch
 Patch6:         CVE-2023-49528.patch
 Patch7:         fix-CVE-2023-49502.patch
 Patch8:         fix-CVE-2024-32230.patch
+Patch9:         CVE-2024-7055.patch
+
 
 Requires:       %{name}-libs%{?_isa} = %{version}-%{release}
 %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
@@ -405,6 +407,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
 
 
 %changelog
+* Tue Aug 27 2024 happyworker <208suo@208suo.com> - 6.1.1-13
+- CVE-2024-7055.patch
+
 * Mon Aug 26 2024 jchzhou <zhoujiacheng@iscas.ac.cn> - 6.1.1-12
 - add options during configure for supporting building with clang