Bug 870022 (CVE-2022-2566) - <media-video/ffmpeg-5.1.1: OOB read
Summary: <media-video/ffmpeg-5.1.1: OOB read
Status: RESOLVED FIXED
Alias: CVE-2022-2566
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://git.ffmpeg.org/gitweb/ffmpeg....
Whiteboard: ~4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-09-13 21:25 UTC by John Helmert III
Modified: 2022-10-10 15:35 UTC

See Also:
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-13 21:25:14 UTC
Sultan caught this before MITRE's made this public, so
all we really have to go on is the commit message:

"avformat/mov: Check count sums in build_open_gop_key_points()

Fixes: ffmpeg.md
Fixes: Out of array access
Fixes: CVE-2022-2566"
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-10 15:20:38 UTC
~ given ffmpeg-5 is hard masked still.
Comment 2 Larry the Git Cow gentoo-dev 2022-10-10 15:32:06 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2982cf6b9e81c0f29b7c05e2daa28c5455bcd3df

commit 2982cf6b9e81c0f29b7c05e2daa28c5455bcd3df
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-10-10 15:31:44 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-10 15:31:58 +0000

    media-video/ffmpeg: drop 5.0.1
    
    Bug: https://bugs.gentoo.org/870022
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 media-video/ffmpeg/Manifest            |   2 -
 media-video/ffmpeg/ffmpeg-5.0.1.ebuild | 606 ---------------------------------
 2 files changed, 608 deletions(-)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-10 15:35:29 UTC
Tree is clean.