diff --git a/CVE-2021-38171.patch b/CVE-2021-38171.patch new file mode 100644 index 0000000..20ac857 --- /dev/null +++ b/CVE-2021-38171.patch @@ -0,0 +1,30 @@ +From 98461501f4272822c310e18d74d5dc3e4b51631f Mon Sep 17 00:00:00 2001 +From: maryam ebrahimzadeh +Date: Tue, 2 Jul 2024 15:50:54 +0800 +Subject: [PATCH] CVE-2021-38171 + +--- + libavformat/adtsenc.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c +index 3c2840c..3807d67 100644 +--- a/libavformat/adtsenc.c ++++ b/libavformat/adtsenc.c +@@ -50,9 +50,11 @@ static int adts_decode_extradata(AVFormatContext *s, ADTSContext *adts, const ui + GetBitContext gb; + PutBitContext pb; + MPEG4AudioConfig m4ac; +- int off; ++ int off, ret; + +- init_get_bits(&gb, buf, size * 8); ++ ret = init_get_bits8(&gb, buf, size); ++ if (ret < 0) ++ return ret; + off = avpriv_mpeg4audio_get_config(&m4ac, buf, size * 8, 1); + if (off < 0) + return off; +-- +2.43.0 + diff --git a/ffmpeg.spec b/ffmpeg.spec index 5c28d1f..f277d8c 100644 --- a/ffmpeg.spec +++ b/ffmpeg.spec @@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl Summary: Digital VCR and streaming server Name: ffmpeg%{?flavor} Version: 4.2.4 -Release: 11 +Release: 12 License: %{ffmpeg_license} URL: http://ffmpeg.org/ %if 0%{?date} @@ -82,6 +82,7 @@ Patch9: CVE-2022-3341.patch Patch10: CVE-2022-3109.patch Patch11: fix-CVE-2023-51793.patch Patch12: fix-CVE-2023-50010.patch +Patch13: CVE-2021-38171.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel} %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})} @@ -414,6 +415,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir} %changelog +* Tue Jul 2 2024 happyworker <208suo@208suo.com> - 4.2.4-12 +- Fix CVE-2021-38171 + * Tue Jul 02 2024 happyworker <208suo@208suo.com> - 4.2.4-11 - Fix CVE-2023-50010