diff --git a/CVE-2024-55069.patch b/CVE-2024-55069.patch
new file mode 100644
index 0000000000000000000000000000000000000000..50554ab27db86772b1c7c59e67d63933e6e26fd4
--- /dev/null
+++ b/CVE-2024-55069.patch
@@ -0,0 +1,25 @@
+From 8fda3be2f6a70098dd3e24206059f6d004b3b050 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer
+Date: Tue, 8 Jul 2025 10:39:32 +0800
+Subject: [PATCH] avformat/iamf_parse: reject ambisonics mode > 1
+
+---
+ libavformat/iamf_parse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavformat/iamf_parse.c b/libavformat/iamf_parse.c
+index 8bc0a41..901eb9f 100644
+--- a/libavformat/iamf_parse.c
++++ b/libavformat/iamf_parse.c
+@@ -413,7 +413,7 @@ static int ambisonics_config(void *s, AVIOContext *pb,
+
+ ambisonics_mode = ffio_read_leb(pb);
+ if (ambisonics_mode > 1)
+- return 0;
++ return AVERROR_INVALIDDATA;
+
+ output_channel_count = avio_r8(pb); // C
+ substream_count = avio_r8(pb); // N
+--
+2.43.0
+
diff --git a/ffmpeg.spec b/ffmpeg.spec
index e7e1b8a2f1d6002bbec61c940150c11963499d1c..bcc3753f573b7849ffa59f21ee82a2f61329c367 100644
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@@ -73,7 +73,7 @@ Summary: Digital VCR and streaming server
 Name: ffmpeg%{?flavor}
 Version: 7.1
-Release: 7
+Release: 8
 License: GPL-3.0-or-later
 URL: https://ffmpeg.org/
 Source0: https://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz
@@ -86,6 +86,7 @@ Patch7: backport-CVE-2025-0518.patch
 Patch8: backport-CVE-2025-22921.patch
 Patch9: CVE-2025-1816.patch
 Patch10: CVE-2025-25473.patch
+Patch11: CVE-2024-55069.patch
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
@@ -409,6 +410,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
 %{_libdir}/lib*.so
 %changelog
+* Tue Jul 8 2025 happyworker <208suo@208suo.com> - 7.1-8
+- fix CVE-2024-55069
+
 * Tue Apr 22 2025 happyworker <208suo@208suo.com> - 7.1-7
 - fix CVE-2025-25473
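Review bot: The embedded patch has an empty commit body and no upstream reference, so nothing on this page lets a reviewer confirm that the one-line change in `ambisonics_config` is the upstream fix for CVE-2024-55069. Its `Date:` matches the packaging changelog date (8 Jul 2025, +0800), which suggests the header was regenerated locally rather than carried over from the upstream commit. I would add a short body to the patch, for example `Reject ambisonics_mode > 1 instead of returning success before the rest of the config is parsed.` followed by `Reference: <upstream-commit-url>`. The rest of `ambisonics_config` and its callers are outside the hunk, so it is also worth confirming that the caller propagates the new `AVERROR_INVALIDDATA` return.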
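Review bot: The `Patch11:` line only declares the patch, and the `%prep` section is not in any of the visible hunks, so whether the fix is actually applied depends on how this spec applies patches. If `%prep` uses `%autosetup` or `%autopatch`, nothing more is needed. If it lists `%patch` lines explicitly, this change needs a matching one, otherwise 7.1-8 would ship with the changelog claiming the fix while the code stays unpatched. Checking the build log for the patch being applied would settle it.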