From 0ab359ae51667e85212b71dcde57753c972deedd Mon Sep 17 00:00:00 2001 From: technology208 Date: Mon, 17 Jun 2024 11:21:51 +0800 Subject: [PATCH] Fix CVE-2023-51794 --- CVE-2023-51794.patch | 25 +++++++++++++++++++++++++ ffmpeg.spec | 6 +++++- 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 CVE-2023-51794.patch diff --git a/CVE-2023-51794.patch b/CVE-2023-51794.patch new file mode 100644 index 0000000..6b1109c --- /dev/null +++ b/CVE-2023-51794.patch @@ -0,0 +1,25 @@ +From 0aeeddd8958240e7ab197ae3f1c995560d99e24e Mon Sep 17 00:00:00 2001 +From: technology208 +Date: Thu, 13 Jun 2024 17:46:04 +0800 +Subject: [PATCH] add + +--- + libavfilter/af_stereowiden.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/libavfilter/af_stereowiden.c b/libavfilter/af_stereowiden.c +index d23c8db..e8bb043 100644 +--- a/libavfilter/af_stereowiden.c ++++ b/libavfilter/af_stereowiden.c +@@ -74,6 +74,8 @@ static int config_input(AVFilterLink *inlink) + + s->length = s->delay * inlink->sample_rate / 1000; + s->length *= 2; ++ if (s->length == 0) ++ return AVERROR(EINVAL); + s->buffer = av_calloc(s->length, sizeof(*s->buffer)); + if (!s->buffer) + return AVERROR(ENOMEM); +-- +2.43.0 + diff --git a/ffmpeg.spec b/ffmpeg.spec index 3ea071e..db383de 100644 --- a/ffmpeg.spec +++ b/ffmpeg.spec @@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl Summary: Digital VCR and streaming server Name: ffmpeg%{?flavor} Version: 4.2.4 -Release: 4 +Release: 5 License: %{ffmpeg_license} URL: http://ffmpeg.org/ %if 0%{?date} @@ -75,6 +75,7 @@ Patch2: CVE-2021-3566.patch Patch3: CVE-2021-38291.patch Patch4: CVE-2021-38114.patch Patch5: CVE-2020-35964.patch +Patch6: CVE-2023-51794.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel} %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})} @@ -407,6 +408,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir} %changelog +* Mon Jun 17 2024 technology208 - 4.2.4-5 +- Fix CVE-2023-51794 + * Tue May 24 2022 yangweidong - 4.2.4-4 - Fix CVE-2021-38114 and CVE-2020-35964 -- Gitee