packages/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2022-3109

Browse Source
This commit is contained in:
happyworker 2024-07-02 15:15:46 +08:00
parent c63a2757f6
commit 1f34c7f5b7
2 changed files with 41 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
CVE-2022-3109.patch Normal file
View File

@ -0,0 +1,31 @@
From ae0ca68362ee76165de00024e1454d2e3513eced Mon Sep 17 00:00:00 2001
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Date: Wed, 26 Jun 2024 17:54:07 +0800
Subject: [PATCH] CVE-2022-3109
---
libavcodec/vp3.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
index a2bd2ef..0c62731 100644
--- a/libavcodec/vp3.c
+++ b/libavcodec/vp3.c
@@ -2740,8 +2740,13 @@ static int vp3_decode_frame(AVCodecContext *avctx,
if (ff_thread_get_buffer(avctx, &s->current_frame, AV_GET_BUFFER_FLAG_REF) < 0)
goto error;
- if (!s->edge_emu_buffer)
+ if (!s->edge_emu_buffer) {
s->edge_emu_buffer = av_malloc(9 * FFABS(s->current_frame.f->linesize[0]));
+ if (!s->edge_emu_buffer) {
+ ret = AVERROR(ENOMEM);
+ goto error;
+ }
+ }
if (s->keyframe) {
if (!s->theora) {
--
2.43.0

16
ffmpeg.spec
View File

@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl
Summary: Digital VCR and streaming server Summary: Digital VCR and streaming server
Name: ffmpeg%{?flavor} Name: ffmpeg%{?flavor}
Version: 4.2.4 Version: 4.2.4
Release: 10 Release: 11
License: %{ffmpeg_license} License: %{ffmpeg_license}
URL: http://ffmpeg.org/ URL: http://ffmpeg.org/
%if 0%{?date} %if 0%{?date}
@ -79,8 +79,9 @@ Patch6: CVE-2024-31578.patch
Patch7: CVE-2023-51794.patch Patch7: CVE-2023-51794.patch
Patch8: fix-CVE-2023-51798.patch Patch8: fix-CVE-2023-51798.patch
Patch9: CVE-2022-3341.patch Patch9: CVE-2022-3341.patch
Patch10: fix-CVE-2023-51793.patch Patch10: CVE-2022-3109.patch
Patch11: fix-CVE-2023-50010.patch Patch11: fix-CVE-2023-51793.patch
Patch12: fix-CVE-2023-50010.patch
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel} %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
%{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})} %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})}
@ -413,12 +414,15 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
%changelog %changelog
* Tue Jul 02 2024 happyworker <208suo@208suo.com> - 4.2.4-10 * Tue Jul 02 2024 happyworker <208suo@208suo.com> - 4.2.4-11
- Fix CVE-2023-50010 - Fix CVE-2023-50010
* Tue Jul 02 2024 happyworker <208suo@208suo.com> - 4.2.4-9 * Tue Jul 02 2024 happyworker <208suo@208suo.com> - 4.2.4-10
- Fix CVE-2023-51793 - Fix CVE-2023-51793
* Wed Jun 26 2024 happyworker <208suo@208suo.com> - 4.2.4-9
- Fix CVE-2022-3109
* Tue Jun 25 2024 happyworker <208suo@208suo.com> - 4.2.4-8 * Tue Jun 25 2024 happyworker <208suo@208suo.com> - 4.2.4-8
- Fix CVE-2022-3341 - Fix CVE-2022-3341
@ -431,7 +435,7 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
* Wed May 01 2024 cenhuilin <cenhuilin@kylinos.cn> - 4.2.4-5 * Wed May 01 2024 cenhuilin <cenhuilin@kylinos.cn> - 4.2.4-5
- fix CVE-2024-31578 - fix CVE-2024-31578
* Tue May 24 2022 yangweidong <yangweidong9@huawei.com> - 4.2.4-4 * Thu Jun 2 2022 yangweidong <yangweidong9@huawei.com> - 4.2.4-4
- Fix CVE-2021-38114 and CVE-2020-35964 - Fix CVE-2021-38114 and CVE-2020-35964
* Sat Sep 04 2021 guoxiaoqi <guoxiaoqi2@huawei.com> - 4.2.4-3 * Sat Sep 04 2021 guoxiaoqi <guoxiaoqi2@huawei.com> - 4.2.4-3