[kirkstone,09/14] ffmpeg: fix CVE-2024-7055

Message ID	7335a81112673616240f010d4930b4982b10c355.1732733274.git.steve@sakoman.com
State	RFC
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.210.171, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 09/14] ffmpeg: fix CVE-2024-7055 Date: Wed, 27 Nov 2024 10:50:02 -0800 Message-Id: <7335a81112673616240f010d4930b4982b10c355.1732733274.git.steve@sakoman.com> In-Reply-To: <cover.1732733274.git.steve@sakoman.com> References: <cover.1732733274.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/14] python3-pip: fix CVE-2023-5752 \| expand [kirkstone,01/14] python3-pip: fix CVE-2023-5752 [kirkstone,02/14] builder: set CVE_PRODUCT [kirkstone,03/14] coreutils: fix CVE-2024-0684 [kirkstone,04/14] libsndfile: fix CVE-2024-50612 [kirkstone,05/14] ffmpeg: fix CVE-2023-51798 [kirkstone,06/14] ffmpeg: fix CVE-2023-47342 [kirkstone,07/14] ffmpeg: fix CVE-2023-50007 [kirkstone,08/14] ffmpeg: fix CVE-2023-51796 [kirkstone,09/14] ffmpeg: fix CVE-2024-7055 [kirkstone,10/14] tzdata&tzcode-native: upgrade 2024a -> 2024b [kirkstone,11/14] package_rpm: use zstd's default compression level [kirkstone,12/14] package_rpm: restrict rpm to 4 threads [kirkstone,13/14] ninja: fix build with python 3.13 [kirkstone,14/14] gstreamer1.0: improve test reliability

Message ID

7335a81112673616240f010d4930b4982b10c355.1732733274.git.steve@sakoman.com

State

RFC

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 09/14] ffmpeg: fix CVE-2024-7055
Date: Wed, 27 Nov 2024 10:50:02 -0800
Message-Id: 
 <7335a81112673616240f010d4930b4982b10c355.1732733274.git.steve@sakoman.com>
In-Reply-To: <cover.1732733274.git.steve@sakoman.com>
References: <cover.1732733274.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/14] python3-pip: fix CVE-2023-5752 | expand

Commit Message

Steve Sakoman Nov. 27, 2024, 6:50 p.m. UTC

From: Archana Polampalli <archana.polampalli@windriver.com>

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical.
This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c.
The manipulation leads to heap-based buffer overflow. It is possible to initiate
the attack remotely. The exploit has been disclosed to the public and may be used.
Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade
the affected component. The associated identifier of this vulnerability is VDB-273651.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ffmpeg/ffmpeg/CVE-2024-7055.patch         | 38 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch
new file mode 100644
index 0000000000..0a573330a2
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch
@@ -0,0 +1,38 @@ 
+From 5372bfe01e4a04357ab4465c1426cf8c6412dfd5 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Thu, 18 Jul 2024 21:12:54 +0200
+Subject: [PATCH 4/4] avcodec/pnmdec: Use 64bit for input size check
+
+Fixes: out of array read
+Fixes: poc3
+
+Reported-by: VulDB CNA Team
+Found-by: CookedMelon
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+(cherry picked from commit 3faadbe2a27e74ff5bb5f7904ec27bb1f5287dc8)
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2024-7055
+
+Upstream-Status: Backport [https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5372bfe01e4a04357ab4465c1426cf8c6412dfd5]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavcodec/pnmdec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavcodec/pnmdec.c b/libavcodec/pnmdec.c
+index 01f9dad..1b3f20a 100644
+--- a/libavcodec/pnmdec.c
++++ b/libavcodec/pnmdec.c
+@@ -256,7 +256,7 @@ static int pnm_decode_frame(AVCodecContext *avctx, void *data,
+         }
+         break;
+     case AV_PIX_FMT_GBRPF32:
+-        if (avctx->width * avctx->height * 12 > s->bytestream_end - s->bytestream)
++        if (avctx->width * avctx->height * 12LL > s->bytestream_end - s->bytestream)
+             return AVERROR_INVALIDDATA;
+         scale = 1.f / s->scale;
+         if (s->endian) {
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 8e0fc090ac..7b03b7cbc0 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -39,6 +39,7 @@  SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
            file://CVE-2023-47342.patch \
            file://CVE-2023-50007.patch \
            file://CVE-2023-51796.patch \
+           file://CVE-2024-7055.patch \
           "
 
 SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"

[kirkstone,09/14] ffmpeg: fix CVE-2024-7055

Commit Message

Patch