Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 842267 (CVE-2022-1475) - <media-video/ffmpeg-{4.2.7,4.4.2}: integer overflow vulnerability
Summary: <media-video/ffmpeg-{4.2.7,4.4.2}: integer overflow vulnerability
Status: RESOLVED FIXED
Alias: CVE-2022-1475
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://trac.ffmpeg.org/ticket/9651
Whiteboard: B3 [glsa+]
Keywords:
Depends on: 848879 876400
Blocks:
  Show dependency tree
 
Reported: 2022-05-03 00:38 UTC by John Helmert III
Modified: 2023-12-23 11:09 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-03 00:38:55 UTC
CVE-2022-1475:
https://bugzilla.redhat.com/show_bug.cgi?id=2076764

An integer overflow vulnerability was found in FFmpeg 5.0.1 and in previous versions in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.

Patch: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=757da974b21833529cc41bdcc9684c29660cdfa8
Comment 1 Larry the Git Cow gentoo-dev 2022-05-03 01:12:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb33595d7124b0e0ce9f569c2383dea5215203fc

commit bb33595d7124b0e0ce9f569c2383dea5215203fc
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-05-03 01:11:11 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-05-03 01:11:11 +0000

    media-video/ffmpeg: add 4.4.2
    
    Bug: https://bugs.gentoo.org/842267
    Signed-off-by: Sam James <sam@gentoo.org>

 media-video/ffmpeg/Manifest            |   2 +
 media-video/ffmpeg/ffmpeg-4.4.2.ebuild | 581 +++++++++++++++++++++++++++++++++
 2 files changed, 583 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2022-09-03 05:27:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31baf58256ca04e305510ce86df9f6d83948f853

commit 31baf58256ca04e305510ce86df9f6d83948f853
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-09-03 05:24:50 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-09-03 05:25:22 +0000

    media-video/ffmpeg: add 4.2.7
    
    Fixes a bunch of CVEs that we've had fixed in newer versions
    for a while, but until we can clean up 4.2.x, we may as well
    bump to the latest in that series...
    
    Bug: https://bugs.gentoo.org/842267
    Bug: https://bugs.gentoo.org/795696
    Bug: https://bugs.gentoo.org/781146
    Signed-off-by: Sam James <sam@gentoo.org>

 media-video/ffmpeg/Manifest                        |   1 +
 media-video/ffmpeg/ffmpeg-4.2.7.ebuild             | 556 +++++++++++++++++++++
 .../ffmpeg-4.2.7-libsdl2-new-version-scheme.patch  |  26 +
 3 files changed, 583 insertions(+)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-10 15:33:21 UTC
Oops, typo'd the bug number:

commit 411e3759c45ffb1060a5f00a6a50755862b2e80d
Author: John Helmert III <ajak@gentoo.org>
Date:   Mon Oct 10 10:26:17 2022 -0500

    media-video/ffmpeg: drop 4.2.4-r2

    Bug: https://bugs.gentoo.org/847267
    Bug: https://bugs.gentoo.org/795696
    Bug: https://bugs.gentoo.org/781146
    Signed-off-by: John Helmert III <ajak@gentoo.org>
Comment 4 Larry the Git Cow gentoo-dev 2023-12-23 11:07:38 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=054115a94fa38350f4468052ec239cbacb5b8e26

commit 054115a94fa38350f4468052ec239cbacb5b8e26
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-12-23 11:07:01 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-12-23 11:07:29 +0000

    [ GLSA 202312-14 ] FFmpeg: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/795696
    Bug: https://bugs.gentoo.org/842267
    Bug: https://bugs.gentoo.org/881523
    Bug: https://bugs.gentoo.org/903805
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202312-14.xml | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)