[kirkstone,06/12] ffmpeg: CVE-2025-0518

Message ID	a1c6c856f606c418ce0b0ad445a9dcd2d6de2ed6.1739912869.git.steve@sakoman.com
State	RFC
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.216.49, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/12] ffmpeg: CVE-2025-0518 Date: Tue, 18 Feb 2025 13:09:59 -0800 Message-ID: <a1c6c856f606c418ce0b0ad445a9dcd2d6de2ed6.1739912869.git.steve@sakoman.com> In-Reply-To: <cover.1739912869.git.steve@sakoman.com> References: <cover.1739912869.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/12] subversion: ignore CVE-2024-45720 \| expand [kirkstone,01/12] subversion: ignore CVE-2024-45720 [kirkstone,02/12] libpcre2: ignore CVE-2022-1586 [kirkstone,03/12] libxml2: Fix for CVE-2022-49043 [kirkstone,04/12] ruby: fix CVE-2024-41946 [kirkstone,05/12] gnutls: fix CVE-2024-12243 [kirkstone,06/12] ffmpeg: CVE-2025-0518 [kirkstone,07/12] ffmpeg: fix CVE-2024-36613 [kirkstone,08/12] ffmpeg: fix CVE-2024-36616 [kirkstone,09/12] ffmpeg: fix CVE-2024-36617 [kirkstone,10/12] scripts/install-buildtools: Update to 4.0.24 [kirkstone,11/12] scritps/runqemu: Ensure we only have two serial ports [kirkstone,12/12] procps: replaced one use of fputs(3) with a write(2) call

Message ID

a1c6c856f606c418ce0b0ad445a9dcd2d6de2ed6.1739912869.git.steve@sakoman.com

State

RFC

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 06/12] ffmpeg: CVE-2025-0518
Date: Tue, 18 Feb 2025 13:09:59 -0800
Message-ID: 
 <a1c6c856f606c418ce0b0ad445a9dcd2d6de2ed6.1739912869.git.steve@sakoman.com>
In-Reply-To: <cover.1739912869.git.steve@sakoman.com>
References: <cover.1739912869.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/12] subversion: ignore CVE-2024-45720 | expand

Commit Message

Steve Sakoman Feb. 18, 2025, 9:09 p.m. UTC

From: Archana Polampalli <archana.polampalli@windriver.com>

Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read
Sensitive Constants Within an Executable. This vulnerability is associated with
program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C .
This issue affects FFmpeg: 7.1. Issue was
fixed:  https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
This issue was discovered by: Simcha Kosman

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ffmpeg/ffmpeg/CVE-2025-0518.patch         | 34 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch
new file mode 100644
index 0000000000..d7623a5b9d
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch
@@ -0,0 +1,34 @@ 
+From b5b6391d64807578ab872dc58fb8aa621dcfc38a Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Mon, 6 Jan 2025 22:01:39 +0100
+Subject: [PATCH 1/4] avfilter/af_pan: Fix sscanf() use
+
+Fixes: Memory Data Leak
+
+Found-by: Simcha Kosman <simcha.kosman@cyberark.com>
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2025-0518
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/af_pan.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c
+index a8a1896..6f8d2a4 100644
+--- a/libavfilter/af_pan.c
++++ b/libavfilter/af_pan.c
+@@ -178,7 +178,7 @@ static av_cold int init(AVFilterContext *ctx)
+         sign = 1;
+         while (1) {
+             gain = 1;
+-            if (sscanf(arg, "%lf%n *%n", &gain, &len, &len))
++            if (sscanf(arg, "%lf%n *%n", &gain, &len, &len) >= 1)
+                 arg += len;
+             if (parse_channel_name(&arg, &in_ch_id, &named)){
+                 av_log(ctx, AV_LOG_ERROR,
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 9aecdf07e0..049d9fd9ec 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -43,6 +43,7 @@  SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
            file://CVE-2024-35366.patch \
            file://CVE-2024-35367.patch \
            file://CVE-2024-35368.patch \
+           file://CVE-2025-0518.patch \
           "
 
 SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"

[kirkstone,06/12] ffmpeg: CVE-2025-0518

Commit Message

Patch