[scarthgap,15/16] ffmpeg: fix CVE-2025-0518

Message ID	75ad6e004de95ff6208820ccf2c0af01d9363749.1741206348.git.steve@sakoman.com
State	Accepted
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.214.169, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 15/16] ffmpeg: fix CVE-2025-0518 Date: Wed, 5 Mar 2025 14:11:14 -0800 Message-ID: <75ad6e004de95ff6208820ccf2c0af01d9363749.1741206348.git.steve@sakoman.com> In-Reply-To: <cover.1741206348.git.steve@sakoman.com> References: <cover.1741206348.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[scarthgap,01/16] openssh: Fix CVE-2025-26466 \| expand [scarthgap,01/16] openssh: Fix CVE-2025-26466 [scarthgap,02/16] curl: ignore CVE-2025-0725 [scarthgap,03/16] xwayland: Fix CVE-2024-9632 [scarthgap,04/16] xwayland: Fix CVE-2025-26594 [scarthgap,05/16] xwayland: Fix CVE-2025-26595 [scarthgap,06/16] xwayland: Fix CVE-2025-26596 [scarthgap,07/16] xwayland: Fix CVE-2025-26597 [scarthgap,08/16] xwayland: Fix CVE-2025-26598 [scarthgap,09/16] xwayland: Fix CVE-2025-26599 [scarthgap,10/16] xwayland: Fix CVE-2025-26600 [scarthgap,11/16] xwayland: Fix CVE-2025-26601 [scarthgap,12/16] ffmpeg: fix CVE-2025-25473 [scarthgap,13/16] ffmpeg: fix CVE-2025-25471 [scarthgap,14/16] ffmpeg: fix CVE-2025-22921 [scarthgap,15/16] ffmpeg: fix CVE-2025-0518 [scarthgap,16/16] systemd: add libpcre2 as RRECOMMENDS if pcre2 is enabled

Message ID

75ad6e004de95ff6208820ccf2c0af01d9363749.1741206348.git.steve@sakoman.com

State

Accepted

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 15/16] ffmpeg: fix CVE-2025-0518
Date: Wed,  5 Mar 2025 14:11:14 -0800
Message-ID: 
 <75ad6e004de95ff6208820ccf2c0af01d9363749.1741206348.git.steve@sakoman.com>
In-Reply-To: <cover.1741206348.git.steve@sakoman.com>
References: <cover.1741206348.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[scarthgap,01/16] openssh: Fix CVE-2025-26466 | expand

Commit Message

Steve Sakoman March 5, 2025, 10:11 p.m. UTC

From: Archana Polampalli <archana.polampalli@windriver.com>

Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows
Read Sensitive Constants Within an Executable. This vulnerability is associated
with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C
This issue affects FFmpeg: 7.1.
Issue was fixed:  https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
This issue was discovered by: Simcha Kosma

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ffmpeg/ffmpeg/CVE-2025-0518.patch         | 34 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch
new file mode 100644
index 0000000000..d3e02bebe6
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch
@@ -0,0 +1,34 @@ 
+From b5b6391d64807578ab872dc58fb8aa621dcfc38a Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Mon, 6 Jan 2025 22:01:39 +0100
+Subject: [PATCH] avfilter/af_pan: Fix sscanf() use
+
+Fixes: Memory Data Leak
+
+Found-by: Simcha Kosman <simcha.kosman@cyberark.com>
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2025-0518
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/af_pan.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c
+index cfed9f1..ffcd214 100644
+--- a/libavfilter/af_pan.c
++++ b/libavfilter/af_pan.c
+@@ -165,7 +165,7 @@ static av_cold int init(AVFilterContext *ctx)
+         sign = 1;
+         while (1) {
+             gain = 1;
+-            if (sscanf(arg, "%lf%n *%n", &gain, &len, &len))
++            if (sscanf(arg, "%lf%n *%n", &gain, &len, &len) >= 1)
+                 arg += len;
+             if (parse_channel_name(&arg, &in_ch_id, &named)){
+                 av_log(ctx, AV_LOG_ERROR,
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
index bd1259d392..06ca65a480 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
@@ -50,6 +50,7 @@  SRC_URI = " \
     file://CVE-2025-25473.patch \
     file://CVE-2025-25471.patch \
     file://CVE-2025-22921.patch \
+    file://CVE-2025-0518.patch \
 "
 
 SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"

[scarthgap,15/16] ffmpeg: fix CVE-2025-0518

Commit Message

Patch