Bug 870022 (CVE-2022-2566)

Summary: <media-video/ffmpeg-5.1.1: OOB read
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: media-video
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/6f53f0d09ea4c9c7f7354f018a87ef840315207d
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-13 21:25:14 UTC
Sultan caught this before MITRE's made this public, so
all we really have to go on is the commit message:

"avformat/mov: Check count sums in build_open_gop_key_points()

Fixes: ffmpeg.md
Fixes: Out of array access
Fixes: CVE-2022-2566"
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-10 15:20:38 UTC
~ given ffmpeg-5 is hard masked still.
Comment 2 Larry the Git Cow gentoo-dev 2022-10-10 15:32:06 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2982cf6b9e81c0f29b7c05e2daa28c5455bcd3df

commit 2982cf6b9e81c0f29b7c05e2daa28c5455bcd3df
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-10-10 15:31:44 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-10 15:31:58 +0000

    media-video/ffmpeg: drop 5.0.1
    
    Bug: https://bugs.gentoo.org/870022
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 media-video/ffmpeg/Manifest            |   2 -
 media-video/ffmpeg/ffmpeg-5.0.1.ebuild | 606 ---------------------------------
 2 files changed, 608 deletions(-)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-10 15:35:29 UTC
Tree is clean.