diff --git a/backport-CVE-2025-22921.patch b/backport-CVE-2025-22921.patch
new file mode 100644
index 0000000000000000000000000000000000000000..47016c75d5fe12cf5387071b7e1e99cdbef65085
--- /dev/null
+++ b/backport-CVE-2025-22921.patch
@@ -0,0 +1,24 @@
+From 7fc8f37e0e37b52a28cc05639ede64ad32f3c53f Mon Sep 17 00:00:00 2001
+From: maoyanping
+Date: Fri, 18 Apr 2025 16:17:00 +0800
+Subject: [PATCH] backport-CVE-2025-22921
+
+---
+ libavcodec/jpeg2000dec.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
+index 691cfbd..b56902c 100644
+--- a/libavcodec/jpeg2000dec.c
++++ b/libavcodec/jpeg2000dec.c
+@@ -1223,6 +1223,7 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext *s, Jpeg2000Tile *tile,
+ }
+ }
+ av_freep(&cblk->lengthinc);
++ cblk->nb_lengthinc = 0;
+ }
+ }
+ // Save state of stream
+--
+2.33.0
+
diff --git a/ffmpeg.spec b/ffmpeg.spec
index 83592a75b01a2ff465bf95c69df05f21bd3d98a0..f15596470697afdfb8f42890d731dc4b37172247 100644
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@@ -62,7 +62,7 @@ Summary: Digital VCR and streaming server
 Name: ffmpeg%{?flavor}
 Version: 6.1.1
-Release: 20
+Release: 21
 License: GPL-3.0-or-later
 URL: http://ffmpeg.org/
 Source0: http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz
@@ -88,6 +88,7 @@ Patch17: backport-CVE-2024-36619.patch
 Patch18: backport-CVE-2024-35369.patch
 Patch19: backport-CVE-2024-36613.patch
 Patch20: backport-CVE-2024-35365.patch
+Patch21: backport-CVE-2025-22921.patch
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
@@ -417,6 +418,12 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
 %changelog
+* Fri Apr 18 2025 maoyanping - 6.1.1-21
+- Type: CVE
+- CVE: CVE-2025-22921
+- SUG: NA
+- DESC: fix CVE-2025-22921
+
 * Mon Jan 13 2025 changtao - 6.1.1-20
 - Type: CVE
 - CVE: CVE-2024-35365
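Review bot: The embedded patch in backport-CVE-2025-22921.patch has no description and no upstream reference: its header is only `Subject: [PATCH] backport-CVE-2025-22921`, so a later maintainer cannot tell which upstream change is being backported or check that it is complete. In the jpeg2000dec.c hunk the added `cblk->nb_lengthinc = 0;` keeps the element count in step with the array just released by `av_freep(&cblk->lengthinc);`, presumably so that a later pass cannot trust a stale non-zero count while the pointer is NULL. I would record that in the patch: a header line such as `Reference: <upstream-commit-url>` (placeholder), plus a comment on the new line like `/* lengthinc was freed above: clear the count so nothing indexes it later */`. jpeg2000_decode_packet begins and ends outside the hunk, so any other path that frees `lengthinc` is not visible here and should be checked for the same reset.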
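Review bot: In ffmpeg.spec, the new `Patch21: backport-CVE-2025-22921.patch` line only declares the patch; whether it is applied depends on the %prep section, which is outside this diff. If %prep uses `%autosetup` the entry is picked up automatically, but if it applies patches through numbered `%patch` lines, patch 21 needs its own apply line. Otherwise release 6.1.1-21 would build without the fix while the changelog states `fix CVE-2025-22921`. Confirming in the build log that the patch is applied to libavcodec/jpeg2000dec.c would settle it.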