packages/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!187 [sync] PR-186: fix CVE-2024-36619 CVE-2024-35369

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @weidongkl 
Signed-off-by: @weidongkl
This commit is contained in:
openeuler-ci-bot 2025-01-06 02:21:00 +00:00 committed by Gitee
commit 983ea99424
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 68 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
backport-CVE-2024-35369.patch Normal file
View File

@ -0,0 +1,31 @@
From 0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c Mon Sep 17 00:00:00 2001
From: James Almer <jamrial@gmail.com>
Date: Sat, 17 Feb 2024 09:45:57 -0300
Subject: [PATCH] avcodec/speexdec: further check for sane frame_size values
Prevent potential integer overflows.
Signed-off-by: James Almer <jamrial@gmail.com>
---
libavcodec/speexdec.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavcodec/speexdec.c b/libavcodec/speexdec.c
index 08c7e77..46d2587 100644
--- a/libavcodec/speexdec.c
+++ b/libavcodec/speexdec.c
@@ -1420,8 +1420,10 @@ static int parse_speex_extradata(AVCodecContext *avctx,
return AVERROR_INVALIDDATA;
s->bitrate = bytestream_get_le32(&buf);
s->frame_size = bytestream_get_le32(&buf);
- if (s->frame_size < NB_FRAME_SIZE << s->mode)
+ if (s->frame_size < NB_FRAME_SIZE << s->mode ||
+ s->frame_size > INT32_MAX >> s->mode)
return AVERROR_INVALIDDATA;
+ s->frame_size <<= s->mode;
s->vbr = bytestream_get_le32(&buf);
s->frames_per_packet = bytestream_get_le32(&buf);
if (s->frames_per_packet <= 0 ||
--
2.33.0

31
backport-CVE-2024-36619.patch Normal file
View File

@ -0,0 +1,31 @@
From 28c7094b25b689185155a6833caf2747b94774a4 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Thu, 4 Apr 2024 00:15:27 +0200
Subject: [PATCH] avcodec/wavarc: fix signed integer overflow in block type
6/19
Fixes: signed integer overflow: -2088796289 + -91276551 cannot be represented in type 'int'
Fixes: 67772/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-6533568953122816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/wavarc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/wavarc.c b/libavcodec/wavarc.c
index 7083494cd8..b4b26958e6 100644
--- a/libavcodec/wavarc.c
+++ b/libavcodec/wavarc.c
@@ -647,7 +647,7 @@ static int decode_5elp(AVCodecContext *avctx,
for (int o = 0; o < order; o++)
sum += s->filter[ch][o] * (unsigned)samples[n + 70 - o - 1];
- samples[n + 70] += ac_out[n] + (sum >> 4);
+ samples[n + 70] += ac_out[n] + (unsigned)(sum >> 4);
}
for (int n = 0; n < 70; n++)
--
2.33.0

7
ffmpeg.spec
View File

@ -62,7 +62,7 @@
Summary: Digital VCR and streaming server
Name: ffmpeg%{?flavor}
Version: 6.1.1
Release: 17
Release: 18
License: GPL-3.0-or-later
URL: http://ffmpeg.org/
Source0: http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz
@ -84,6 +84,8 @@ Patch13: backport-CVE-2024-35368.patch
Patch14: backport-CVE-2024-36616.patch
Patch15: backport-CVE-2024-36618.patch
Patch16: backport-CVE-2024-36617.patch
Patch17: backport-CVE-2024-36619.patch
Patch18: backport-CVE-2024-35369.patch
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
@ -413,6 +415,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
%changelog
* Tue Dec 17 2024 liningjie <liningjie@xfusion.com> - 6.1.1-18
- fix CVE-2024-36619 CVE-2024-35369
* Fri Dec 13 2024 liningjie <liningjie@xfusion.com> - 6.1.1-17
- fix CVE-2024-36617 CVE-2024-36618