packages/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!94 [sync] PR-93: Fix CVE-2021-38171

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @technology208 
Signed-off-by: @technology208
This commit is contained in:
openeuler-ci-bot 2024-07-02 09:29:10 +00:00 committed by Gitee
commit caa7e38965
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
CVE-2021-38171.patch Normal file
View File

@ -0,0 +1,30 @@
From 98461501f4272822c310e18d74d5dc3e4b51631f Mon Sep 17 00:00:00 2001
From: maryam ebrahimzadeh <me22bee@outlook.com>
Date: Tue, 2 Jul 2024 15:50:54 +0800
Subject: [PATCH] CVE-2021-38171
---
libavformat/adtsenc.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c
index 3c2840c..3807d67 100644
--- a/libavformat/adtsenc.c
+++ b/libavformat/adtsenc.c
@@ -50,9 +50,11 @@ static int adts_decode_extradata(AVFormatContext *s, ADTSContext *adts, const ui
GetBitContext gb;
PutBitContext pb;
MPEG4AudioConfig m4ac;
- int off;
+ int off, ret;
- init_get_bits(&gb, buf, size * 8);
+ ret = init_get_bits8(&gb, buf, size);
+ if (ret < 0)
+ return ret;
off = avpriv_mpeg4audio_get_config(&m4ac, buf, size * 8, 1);
if (off < 0)
return off;
--
2.43.0

6
ffmpeg.spec
View File

@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl
Summary: Digital VCR and streaming server Summary: Digital VCR and streaming server
Name: ffmpeg%{?flavor} Name: ffmpeg%{?flavor}
Version: 4.2.4 Version: 4.2.4
Release: 11 Release: 12
License: %{ffmpeg_license} License: %{ffmpeg_license}
URL: http://ffmpeg.org/ URL: http://ffmpeg.org/
%if 0%{?date} %if 0%{?date}
@ -82,6 +82,7 @@ Patch9: CVE-2022-3341.patch
Patch10: CVE-2022-3109.patch Patch10: CVE-2022-3109.patch
Patch11: fix-CVE-2023-51793.patch Patch11: fix-CVE-2023-51793.patch
Patch12: fix-CVE-2023-50010.patch Patch12: fix-CVE-2023-50010.patch
Patch13: CVE-2021-38171.patch
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel} %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
%{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})} %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})}
@ -414,6 +415,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
%changelog %changelog
* Tue Jul 2 2024 happyworker <208suo@208suo.com> - 4.2.4-12
- Fix CVE-2021-38171
* Tue Jul 02 2024 happyworker <208suo@208suo.com> - 4.2.4-11 * Tue Jul 02 2024 happyworker <208suo@208suo.com> - 4.2.4-11
- Fix CVE-2023-50010 - Fix CVE-2023-50010