diff --git a/CVE-2023-49528.patch b/CVE-2023-49528.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a71f55c63a67dc065d09cd571f74a2cf2dbc369f
--- /dev/null
+++ b/CVE-2023-49528.patch
@@ -0,0 +1,57 @@
+From ffae3ca84f646530fe9236b0966b663aebb06717 Mon Sep 17 00:00:00 2001
+From: Paul B Mahol
+Date: Thu, 6 Jun 2024 17:45:43 +0800
+Subject: [PATCH] Fix CVE-2023-49528
+
+Conflict:NA
+Reference:2d9ed64859c9887d0504cd71dbd5b2c15e14251a
+---
+ libavfilter/af_dialoguenhance.c | 18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+diff --git a/libavfilter/af_dialoguenhance.c b/libavfilter/af_dialoguenhance.c
+index 1762ea7..0924c3e 100644
+--- a/libavfilter/af_dialoguenhance.c
++++ b/libavfilter/af_dialoguenhance.c
+@@ -96,12 +96,13 @@ static int config_input(AVFilterLink *inlink)
+ if (!s->window)
+ return AVERROR(ENOMEM);
+
+- s->in_frame = ff_get_audio_buffer(inlink, s->fft_size * 4);
+- s->center_frame = ff_get_audio_buffer(inlink, s->fft_size * 4);
+- s->out_dist_frame = ff_get_audio_buffer(inlink, s->fft_size * 4);
+- s->windowed_frame = ff_get_audio_buffer(inlink, s->fft_size * 4);
+- s->windowed_out = ff_get_audio_buffer(inlink, s->fft_size * 4);
+- s->windowed_prev = ff_get_audio_buffer(inlink, s->fft_size * 4);
++ s->in_frame = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2);
++ s->center_frame = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2);
++ s->out_dist_frame = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2);
++ s->windowed_frame = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2);
++ s->windowed_out = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2);
++ s->windowed_prev = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2);
++
+ if (!s->in_frame || !s->windowed_out || !s->windowed_prev ||
+ !s->out_dist_frame || !s->windowed_frame || !s->center_frame)
+ return AVERROR(ENOMEM);
+@@ -250,6 +251,7 @@ static int de_stereo(AVFilterContext *ctx, AVFrame *out)
+ float *right_osamples = (float *)out->extended_data[1];
+ float *center_osamples = (float *)out->extended_data[2];
+ const int offset = s->fft_size - s->overlap;
++ const int nb_samples = FFMIN(s->overlap, s->in->nb_samples);
+ float vad;
+
+ // shift in/out buffers
+@@ -258,8 +260,8 @@ static int de_stereo(AVFilterContext *ctx, AVFrame *out)
+ memmove(left_out, &left_out[s->overlap], offset * sizeof(float));
+ memmove(right_out, &right_out[s->overlap], offset * sizeof(float));
+
+- memcpy(&left_in[offset], left_samples, s->overlap * sizeof(float));
+- memcpy(&right_in[offset], right_samples, s->overlap * sizeof(float));
++ memcpy(&left_in[offset], left_samples, nb_samples * sizeof(float));
++ memcpy(&right_in[offset], right_samples, nb_samples * sizeof(float));
+ memset(&left_out[offset], 0, s->overlap * sizeof(float));
+ memset(&right_out[offset], 0, s->overlap * sizeof(float));
+
+--
+2.33.0
+
diff --git a/ffmpeg.spec b/ffmpeg.spec
index 18d64319b154ae13eec60cb9ab1bb33aab2e7197..bcce3f1a953ea4794b415ffcbd8883aa0e253159 100644
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@@ -59,7 +59,7 @@ ExclusiveArch: armv7hnl
 Summary: Digital VCR and streaming server
 Name: ffmpeg%{?flavor}
 Version: 6.1.1
-Release: 5
+Release: 6
 License: GPL-3.0-or-later
 URL: http://ffmpeg.org/
 Source0: http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz
@@ -72,6 +72,7 @@ Patch2: fix-CVE-2023-50008.patch
 Patch3: fix-CVE-2024-31578.patch
 Patch4: fix-CVE-2024-31582.patch
 Patch5: fix_libsvgdec_compile_error.patch
+Patch6: CVE-2023-49528.patch
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
@@ -400,6 +401,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
 %changelog
+* Thu Jun 13 2024 technology208 - 6.1.1-6
+- fix CVE-2023-49528.patch
+
 * Wed Jun 12 2024 technology208 - 6.1.1-5
 - Add patch to fix libsvdec compile error
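Review bot: In de_stereo, when `s->in->nb_samples` is smaller than `s->overlap`, the two `memcpy` calls now fill only the first `nb_samples` floats at `&left_in[offset]` and `&right_in[offset]`, and nothing visible clears the remaining `s->overlap - nb_samples` floats. The clamp stops the over-read of the input frame, but a short frame would then be processed together with whatever the input buffers still hold in that tail; if `left_in`/`right_in` are shifted above the hunk the same way as `left_out`/`right_out`, that is old input rather than silence. Consider zeroing the tail with `memset(&left_in[offset + nb_samples], 0, (s->overlap - nb_samples) * sizeof(float));` and the same for `right_in`. In config_input the new size `(s->fft_size + 2) * 2` is repeated six times with no statement of which accesses it has to cover; a named local such as `const int buf_samples = (s->fft_size + 2) * 2;` with a one-line comment giving the largest index written into these frames would make the bound checkable on the next backport. Both function bodies continue outside the hunks.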