diff --git a/CVE-2020-22044.patch b/CVE-2020-22044.patch
new file mode 100644
index 0000000000000000000000000000000000000000..53b9e0e5f6dd0097623ce02fa8ac6706dd9ef7f7
--- /dev/null
+++ b/CVE-2020-22044.patch
@@ -0,0 +1,29 @@
+From 1c6dc790f8dc0e76df39e974ba6ae434f6a5eda3 Mon Sep 17 00:00:00 2001
+From: James Almer
+Date: Thu, 3 Jul 2025 14:30:22 +0800
+Subject: [PATCH] avformat/nutenc: don't allocate a dynamic AVIOContext if no index is going to be...
+
+---
+ libavformat/nutenc.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libavformat/nutenc.c b/libavformat/nutenc.c
+index 2c2334a..632e08c 100644
+--- a/libavformat/nutenc.c
++++ b/libavformat/nutenc.c
+@@ -1171,8 +1171,11 @@ static int nut_write_trailer(AVFormatContext *s)
+ while (nut->header_count < 3)
+ write_headers(s, bc);
+
++ if (!nut->sp_count)
++ return 0;
++
+ ret = avio_open_dyn_buf(&dyn_bc);
+- if (ret >= 0 && nut->sp_count) {
++ if (ret >= 0) {
+ av_assert1(nut->write_index); // sp_count should be 0 if no index is going to be written
+ write_index(nut, dyn_bc);
+ put_packet(nut, bc, dyn_bc, 1, INDEX_STARTCODE);
+--
+2.43.0
+
diff --git a/ffmpeg.spec b/ffmpeg.spec
index d4213b207c6143066e959f903949e7c5c4ed6f80..d1c2c7cc2c53ad9c04455f80326e4fad57436811 100644
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@@ -60,7 +60,7 @@
 Summary: Digital VCR and streaming server
 Name: ffmpeg%{?flavor}
 Version: 4.2.4
-Release: 22
+Release: 23
 License: %{ffmpeg_license}
 URL: http://ffmpeg.org/
 %if 0%{?date}
@@ -94,6 +94,7 @@ Patch22: backport-CVE-2024-36616.patch
 Patch23: backport-CVE-2024-36618.patch
 Patch24: backport-CVE-2024-36617.patch
 Patch25: backport-CVE-2024-36613.patch
+Patch26: CVE-2020-22044.patch
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
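Review bot: The added early `return 0;` in the embedded nutenc.c patch (CVE-2020-22044.patch) leaves nut_write_trailer before anything that follows the index block, and that part of the function is outside the hunk. If this 4.2.4 tree still releases the muxer's syncpoint and per-stream state at the end of nut_write_trailer rather than in a separate deinit callback (not visible here, so it needs checking against the packaged source), the no-index path would skip that cleanup and trade one leak for another. Keeping a single exit avoids the question: drop the early return and write the guard as `if (nut->sp_count && (ret = avio_open_dyn_buf(&dyn_bc)) >= 0) {`, which still skips the allocation when no index is written. The patch header also has a truncated Subject and no reference to the upstream commit, so adding the upstream hash to the header would make the backport auditable.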
@@ -427,6 +428,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
 %changelog
+* Thu Jul 3 2025 happyworker <208suo@208suo.com> - 4.2.4-23
+- fix CVE-2020-22044
+
 * Sun Jan 5 2025 changtao - 4.2.4-22
 - Type: CVE
 - CVE: CVE-2024-36613