diff --git a/CVE-2024-7055.patch b/CVE-2024-7055.patch new file mode 100644 index 0000000..84dda14 --- /dev/null +++ b/CVE-2024-7055.patch @@ -0,0 +1,25 @@ +From d911cb96e55228619a29704dda26d2fddd6779f6 Mon Sep 17 00:00:00 2001 +From: Michael Niedermayer +Date: Tue, 27 Aug 2024 10:14:04 +0800 +Subject: [PATCH] avcodec/pnmdec: Use 64bit for input size check + +--- + libavcodec/pnmdec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libavcodec/pnmdec.c b/libavcodec/pnmdec.c +index acd77ea..40cc2ae 100644 +--- a/libavcodec/pnmdec.c ++++ b/libavcodec/pnmdec.c +@@ -264,7 +264,7 @@ static int pnm_decode_frame(AVCodecContext *avctx, AVFrame *p, + break; + case AV_PIX_FMT_GBRPF32: + if (!s->half) { +- if (avctx->width * avctx->height * 12 > s->bytestream_end - s->bytestream) ++ if (avctx->width * avctx->height * 12LL > s->bytestream_end - s->bytestream) + return AVERROR_INVALIDDATA; + scale = 1.f / s->scale; + if (s->endian) { +-- +2.27.0 + diff --git a/ffmpeg.spec b/ffmpeg.spec index 83a049a..640925e 100644 --- a/ffmpeg.spec +++ b/ffmpeg.spec @@ -62,7 +62,7 @@ Summary: Digital VCR and streaming server Name: ffmpeg%{?flavor} Version: 6.1.1 -Release: 12 +Release: 13 License: GPL-3.0-or-later URL: http://ffmpeg.org/ Source0: http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz @@ -76,6 +76,8 @@ Patch5: fix_libsvgdec_compile_error.patch Patch6: CVE-2023-49528.patch Patch7: fix-CVE-2023-49502.patch Patch8: fix-CVE-2024-32230.patch +Patch9: CVE-2024-7055.patch + Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel} @@ -405,6 +407,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir} %changelog +* Tue Aug 27 2024 happyworker <208suo@208suo.com> - 6.1.1-13 +- CVE-2024-7055.patch + * Mon Aug 26 2024 jchzhou - 6.1.1-12 - add options during configure for supporting building with clang