Description: "dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked." https://github.com/FFmpeg/FFmpeg/commit/26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777
Package list is empty or all packages have requested keywords.
CVE-2021-38291: FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from an assertion failure at src/libavutil/mathematics.c. Unreleased patch: https://github.com/ffmpeg/ffmpeg/commit/e01d306c647b5827102260b885faa223b646d2d1
CVE-2021-38171: adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. Patch: https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=22ec1c3c5fb7ee32bde1a8a0eed2b884884521bf
commit 22ec1c3c5fb7ee32bde1a8a0eed2b884884521bf
Author: Sam James <sam@gentoo.org>
AuthorDate: 2021-10-26 04:33:43 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-10-26 04:34:11 +0000
    media-video/ffmpeg: add 4.4.1
    Not yet verified if all the CVEs are fixed.
    Bug: https://bugs.gentoo.org/795696
    Signed-off-by: Sam James <sam@gentoo.org>
 media-video/ffmpeg/Manifest | 1 +
 media-video/ffmpeg/ffmpeg-4.4.1.ebuild | 555 +++++++++++++++++++++++++++++++++
 2 files changed, 556 insertions(+)
Please cleanup.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31baf58256ca04e305510ce86df9f6d83948f853
commit 31baf58256ca04e305510ce86df9f6d83948f853
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-09-03 05:24:50 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-09-03 05:25:22 +0000
    media-video/ffmpeg: add 4.2.7
    Fixes a bunch of CVEs that we've had fixed in newer versions for a while, but until we can clean up 4.2.x, we may as well bump to the latest in that series...
    Bug: https://bugs.gentoo.org/842267
    Bug: https://bugs.gentoo.org/795696
    Bug: https://bugs.gentoo.org/781146
    Signed-off-by: Sam James <sam@gentoo.org>
 media-video/ffmpeg/Manifest | 1 +
 media-video/ffmpeg/ffmpeg-4.2.7.ebuild | 556 +++++++++++++++++++++
 .../ffmpeg-4.2.7-libsdl2-new-version-scheme.patch | 26 +
 3 files changed, 583 insertions(+)
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fff3d30f49f081c89ab5d0154509d32550ae1a9c
commit fff3d30f49f081c89ab5d0154509d32550ae1a9c
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-10-10 15:26:17 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-10 15:31:58 +0000
    media-video/ffmpeg: drop 4.2.4-r2
    Bug: https://bugs.gentoo.org/847267
    Bug: https://bugs.gentoo.org/795696
    Bug: https://bugs.gentoo.org/781146
    Signed-off-by: John Helmert III <ajak@gentoo.org>
 media-video/ffmpeg/Manifest | 1 -
 media-video/ffmpeg/ffmpeg-4.2.4-r2.ebuild | 555 ------------------------------
 2 files changed, 556 deletions(-)
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/data/glsa.git/commit/?id=054115a94fa38350f4468052ec239cbacb5b8e26
commit 054115a94fa38350f4468052ec239cbacb5b8e26
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-12-23 11:07:01 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-12-23 11:07:29 +0000
    [ GLSA 202312-14 ] FFmpeg: Multiple Vulnerabilities
    Bug: https://bugs.gentoo.org/795696
    Bug: https://bugs.gentoo.org/842267
    Bug: https://bugs.gentoo.org/881523
    Bug: https://bugs.gentoo.org/903805
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>
 glsa-202312-14.xml | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)