From 6b92275092911530515fb7912fd1b476adca8771 Mon Sep 17 00:00:00 2001 From: happyworker <208suo@208suo.com> Date: Thu, 20 Jun 2024 10:16:45 +0800 Subject: [PATCH 1/4] Fix CVE-2023-51794 --- CVE-2023-51794.patch | 25 +++++++++++++++++++++++++ ffmpeg.spec | 6 +++++- 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 CVE-2023-51794.patch diff --git a/CVE-2023-51794.patch b/CVE-2023-51794.patch new file mode 100644 index 0000000..958335e --- /dev/null +++ b/CVE-2023-51794.patch @@ -0,0 +1,25 @@ +From a80f53d91fc1d3c523b4660a4f7ca3ede82f0bd8 Mon Sep 17 00:00:00 2001 +From: happyworker <208suo@208suo.com> +Date: Wed, 19 Jun 2024 14:48:11 +0800 +Subject: [PATCH] Fix CVE-2023-51794 + +--- + libavfilter/af_stereowiden.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/libavfilter/af_stereowiden.c b/libavfilter/af_stereowiden.c +index d23c8db..3d7b5bb 100644 +--- a/libavfilter/af_stereowiden.c ++++ b/libavfilter/af_stereowiden.c +@@ -74,6 +74,8 @@ static int config_input(AVFilterLink *inlink) + + s->length = s->delay * inlink->sample_rate / 1000; + s->length *= 2; ++ if (s->length == 0) ++ return AVERROR(EINVAL); + s->buffer = av_calloc(s->length, sizeof(*s->buffer)); + if (!s->buffer) + return AVERROR(ENOMEM); +-- +2.43.0 + diff --git a/ffmpeg.spec b/ffmpeg.spec index 3ea071e..7ef76df 100644 --- a/ffmpeg.spec +++ b/ffmpeg.spec @@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl Summary: Digital VCR and streaming server Name: ffmpeg%{?flavor} Version: 4.2.4 -Release: 4 +Release: 5 License: %{ffmpeg_license} URL: http://ffmpeg.org/ %if 0%{?date} @@ -75,6 +75,7 @@ Patch2: CVE-2021-3566.patch Patch3: CVE-2021-38291.patch Patch4: CVE-2021-38114.patch Patch5: CVE-2020-35964.patch +Patch6: CVE-2023-51794.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel} %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})} @@ -407,6 +408,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir} %changelog +* Wed Jun 19 2024 happyworker <208suo@208suo.com> - 4.2.4-5 +- Fix CVE-2023-51794 + * Tue May 24 2022 yangweidong - 4.2.4-4 - Fix CVE-2021-38114 and CVE-2020-35964 -- Gitee From 160d9ee16eaaea03204e475b1a78084738982eef Mon Sep 17 00:00:00 2001 From: happyworker <208suo@208suo.com> Date: Fri, 21 Jun 2024 10:55:58 +0800 Subject: [PATCH 2/4] Update to the lastest version --- CVE-2024-31578.patch | 43 +++++++++++++++++++++++++++++++++++++++++++ ffmpeg.spec | 10 +++++++--- 2 files changed, 50 insertions(+), 3 deletions(-) create mode 100644 CVE-2024-31578.patch diff --git a/CVE-2024-31578.patch b/CVE-2024-31578.patch new file mode 100644 index 0000000..3bfd5bf --- /dev/null +++ b/CVE-2024-31578.patch @@ -0,0 +1,43 @@ +From 3bb00c0a420c3ce83c6fafee30270d69622ccad7 Mon Sep 17 00:00:00 2001 +From: Zhao Zhili +Date: Wed, 1 May 2024 18:08:51 +0800 +Subject: [PATCH] avutil/hwcontext: Don't assume frames_uninit is reentrant. +Fix heap use after free when vulkan_frames_init failed. + +Signed-off-by: Zhao Zhili +--- + libavutil/hwcontext.c | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +diff --git a/libavutil/hwcontext.c b/libavutil/hwcontext.c +index f1e404a..3b99b8a 100644 +--- a/libavutil/hwcontext.c ++++ b/libavutil/hwcontext.c +@@ -358,7 +358,7 @@ int av_hwframe_ctx_init(AVBufferRef *ref) + if (ctx->internal->hw_type->frames_init) { + ret = ctx->internal->hw_type->frames_init(ctx); + if (ret < 0) +- goto fail; ++ return ret; + } + + if (ctx->internal->pool_internal && !ctx->pool) +@@ -368,14 +368,10 @@ int av_hwframe_ctx_init(AVBufferRef *ref) + if (ctx->initial_pool_size > 0) { + ret = hwframe_pool_prealloc(ref); + if (ret < 0) +- goto fail; ++ return ret; + } + + return 0; +-fail: +- if (ctx->internal->hw_type->frames_uninit) +- ctx->internal->hw_type->frames_uninit(ctx); +- return ret; + } + + int av_hwframe_transfer_get_formats(AVBufferRef *hwframe_ref, +-- +2.23.0 + diff --git a/ffmpeg.spec b/ffmpeg.spec index 7ef76df..7ab30ef 100644 --- a/ffmpeg.spec +++ b/ffmpeg.spec @@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl Summary: Digital VCR and streaming server Name: ffmpeg%{?flavor} Version: 4.2.4 -Release: 5 +Release: 6 License: %{ffmpeg_license} URL: http://ffmpeg.org/ %if 0%{?date} @@ -75,7 +75,8 @@ Patch2: CVE-2021-3566.patch Patch3: CVE-2021-38291.patch Patch4: CVE-2021-38114.patch Patch5: CVE-2020-35964.patch -Patch6: CVE-2023-51794.patch +Patch6: CVE-2024-31578.patch +Patch7: CVE-2023-51794.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel} %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})} @@ -408,9 +409,12 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir} %changelog -* Wed Jun 19 2024 happyworker <208suo@208suo.com> - 4.2.4-5 +* Wed Jun 19 2024 happyworker <208suo@208suo.com> - 4.2.4-6 - Fix CVE-2023-51794 +* Wed May 01 2024 cenhuilin - 4.2.4-5 +- fix CVE-2024-31578 + * Tue May 24 2022 yangweidong - 4.2.4-4 - Fix CVE-2021-38114 and CVE-2020-35964 -- Gitee From 58bcd2a9d3269f6bd6657036a786ea3e654edc70 Mon Sep 17 00:00:00 2001 From: happyworker <208suo@208suo.com> Date: Tue, 25 Jun 2024 11:04:30 +0800 Subject: [PATCH 3/4] Fix CVE-2022-3341 --- CVE-2022-3341.patch | 57 +++++++++++++++++++++++++++++++++++++++++++++ ffmpeg.spec | 6 ++++- 2 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 CVE-2022-3341.patch diff --git a/CVE-2022-3341.patch b/CVE-2022-3341.patch new file mode 100644 index 0000000..f1c3ded --- /dev/null +++ b/CVE-2022-3341.patch @@ -0,0 +1,57 @@ +From c7f421bd0f01a725c4cc65223546361226013c1c Mon Sep 17 00:00:00 2001 +From: happyworker <208suo@208suo.com> +Date: Tue, 25 Jun 2024 10:36:33 +0800 +Subject: [PATCH] CVE-2022-3341 + +--- + libavformat/nutdec.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c +index 979cb9a..886b5c6 100644 +--- a/libavformat/nutdec.c ++++ b/libavformat/nutdec.c +@@ -346,8 +346,12 @@ static int decode_main_header(NUTContext *nut) + ret = AVERROR(ENOMEM); + goto fail; + } +- for (i = 0; i < stream_count; i++) +- avformat_new_stream(s, NULL); ++ for (i = 0; i < stream_count; i++) { ++ if (!avformat_new_stream(s, NULL)) { ++ ret = AVERROR(ENOMEM); ++ goto fail; ++ } ++ } + + return 0; + fail: +@@ -793,19 +797,23 @@ static int nut_read_header(AVFormatContext *s) + NUTContext *nut = s->priv_data; + AVIOContext *bc = s->pb; + int64_t pos; +- int initialized_stream_count; ++ int initialized_stream_count, ret; + + nut->avf = s; + + /* main header */ + pos = 0; ++ ret = 0; + do { ++ if (ret == AVERROR(ENOMEM)) ++ return ret; ++ + pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1; + if (pos < 0 + 1) { + av_log(s, AV_LOG_ERROR, "No main startcode found.\n"); + goto fail; + } +- } while (decode_main_header(nut) < 0); ++ } while ((ret = decode_main_header(nut)) < 0); + + /* stream headers */ + pos = 0; +-- +2.43.0 + diff --git a/ffmpeg.spec b/ffmpeg.spec index 7ab30ef..3721c37 100644 --- a/ffmpeg.spec +++ b/ffmpeg.spec @@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl Summary: Digital VCR and streaming server Name: ffmpeg%{?flavor} Version: 4.2.4 -Release: 6 +Release: 7 License: %{ffmpeg_license} URL: http://ffmpeg.org/ %if 0%{?date} @@ -77,6 +77,7 @@ Patch4: CVE-2021-38114.patch Patch5: CVE-2020-35964.patch Patch6: CVE-2024-31578.patch Patch7: CVE-2023-51794.patch +Patch8: CVE-2022-3341.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel} %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})} @@ -409,6 +410,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir} %changelog +* Tue Jun 25 2024 happyworker <208suo@208suo.com> - 4.2.4-7 +- Fix CVE-2022-3341 + * Wed Jun 19 2024 happyworker <208suo@208suo.com> - 4.2.4-6 - Fix CVE-2023-51794 -- Gitee From 7e71153a48efe3d74c8994e1326cfa55f5edebe1 Mon Sep 17 00:00:00 2001 From: happyworker <208suo@208suo.com> Date: Tue, 25 Jun 2024 16:56:50 +0800 Subject: [PATCH 4/4] fix CVE-2023-51798 --- ffmpeg.spec | 6 +++++- fix-CVE-2023-51798.patch | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 fix-CVE-2023-51798.patch diff --git a/ffmpeg.spec b/ffmpeg.spec index 3721c37..c489bd0 100644 --- a/ffmpeg.spec +++ b/ffmpeg.spec @@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl Summary: Digital VCR and streaming server Name: ffmpeg%{?flavor} Version: 4.2.4 -Release: 7 +Release: 8 License: %{ffmpeg_license} URL: http://ffmpeg.org/ %if 0%{?date} @@ -78,6 +78,7 @@ Patch5: CVE-2020-35964.patch Patch6: CVE-2024-31578.patch Patch7: CVE-2023-51794.patch Patch8: CVE-2022-3341.patch +Patch9: fix-CVE-2023-51798.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel} %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})} @@ -410,6 +411,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir} %changelog +* Tue Jun 25 2024 happyworker <208suo@208suo.com> - 4.2.4-8 +- Fix CVE-2023-51798 + * Tue Jun 25 2024 happyworker <208suo@208suo.com> - 4.2.4-7 - Fix CVE-2022-3341 diff --git a/fix-CVE-2023-51798.patch b/fix-CVE-2023-51798.patch new file mode 100644 index 0000000..3b93b1c --- /dev/null +++ b/fix-CVE-2023-51798.patch @@ -0,0 +1,33 @@ +From faedf9f8ef5b657064ecf6af8d1ba767ada60bf4 Mon Sep 17 00:00:00 2001 +From: happyworker <208suo@208suo.com> +Date: Tue, 25 Jun 2024 10:58:39 +0800 +Subject: [PATCH] fix-CVE-2023-51798 + +--- + libavfilter/vf_minterpolate.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/libavfilter/vf_minterpolate.c b/libavfilter/vf_minterpolate.c +index b0bb238..745987c 100644 +--- a/libavfilter/vf_minterpolate.c ++++ b/libavfilter/vf_minterpolate.c +@@ -1086,9 +1086,13 @@ static void interpolate(AVFilterLink *inlink, AVFrame *avf_out) + pts = av_rescale(avf_out->pts, (int64_t) ALPHA_MAX * outlink->time_base.num * inlink->time_base.den, + (int64_t) outlink->time_base.den * inlink->time_base.num); + +- alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts); +- alpha = av_clip(alpha, 0, ALPHA_MAX); +- ++ if (mi_ctx->frames[2].avf->pts > mi_ctx->frames[1].avf->pts) { ++ alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts); ++ alpha = av_clip(alpha, 0, ALPHA_MAX); ++ } else { ++ av_log(ctx, AV_LOG_DEBUG, "duplicate input PTS detected\n"); ++ alpha = 0; ++ } + if (alpha == 0 || alpha == ALPHA_MAX) { + av_frame_copy(avf_out, alpha ? mi_ctx->frames[2].avf : mi_ctx->frames[1].avf); + return; +-- +2.43.0 + -- Gitee