packages/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2022-1475

Browse Source
This commit is contained in:
happyworker 2024-07-02 17:23:52 +08:00
parent 5d3aab64a4
commit 630ebad965
2 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
CVE-2022-1475.patch Normal file
View File

@ -0,0 +1,26 @@
From 0fa2535254c3e45b83f3a915f91b315f6d89879d Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Tue, 2 Jul 2024 17:15:31 +0800
Subject: [PATCH] CVE-2022-1475
---
ffmpeg-4.2.4/libavcodec/g729_parser.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ffmpeg-4.2.4/libavcodec/g729_parser.c b/ffmpeg-4.2.4/libavcodec/g729_parser.c
index fc00235..3ede92d 100644
--- a/ffmpeg-4.2.4/libavcodec/g729_parser.c
+++ b/ffmpeg-4.2.4/libavcodec/g729_parser.c
@@ -48,6 +48,9 @@ static int g729_parse(AVCodecParserContext *s1, AVCodecContext *avctx,
av_assert1(avctx->codec_id == AV_CODEC_ID_G729);
/* FIXME: replace this heuristic block_size with more precise estimate */
s->block_size = (avctx->bit_rate < 8000) ? G729D_6K4_BLOCK_SIZE : G729_8K_BLOCK_SIZE;
+ // channels > 2 is invalid, we pass the packet on unchanged
+ if (avctx->channels > 2)
+ s->block_size = 0;
s->block_size *= avctx->channels;
s->duration = avctx->frame_size;
}
--
2.43.0

6
ffmpeg.spec
View File

@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl
Summary: Digital VCR and streaming server Summary: Digital VCR and streaming server
Name: ffmpeg%{?flavor} Name: ffmpeg%{?flavor}
Version: 4.2.4 Version: 4.2.4
Release: 12 Release: 13
License: %{ffmpeg_license} License: %{ffmpeg_license}
URL: http://ffmpeg.org/ URL: http://ffmpeg.org/
%if 0%{?date} %if 0%{?date}
@ -83,6 +83,7 @@ Patch10: CVE-2022-3109.patch
Patch11: fix-CVE-2023-51793.patch Patch11: fix-CVE-2023-51793.patch
Patch12: fix-CVE-2023-50010.patch Patch12: fix-CVE-2023-50010.patch
Patch13: CVE-2021-38171.patch Patch13: CVE-2021-38171.patch
Patch14: CVE-2022-1475.patch
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel} %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
%{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})} %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})}
@ -415,6 +416,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
%changelog %changelog
* Tue Jul 2 2024 happyworker <208suo@208suo.com> - 4.2.4-13
- Fix CVE-2022-1475
* Tue Jul 2 2024 happyworker <208suo@208suo.com> - 4.2.4-12 * Tue Jul 2 2024 happyworker <208suo@208suo.com> - 4.2.4-12
- Fix CVE-2021-38171 - Fix CVE-2021-38171