Description: "dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked." https://github.com/FFmpeg/FFmpeg/commit/26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777
Package list is empty or all packages have requested keywords.
CVE-2021-38291: FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from an assertion failure at src/libavutil/mathematics.c. Unreleased patch: https://github.com/ffmpeg/ffmpeg/commit/e01d306c647b5827102260b885faa223b646d2d1
CVE-2021-38171: adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. Patch: https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=22ec1c3c5fb7ee32bde1a8a0eed2b884884521bf

commit 22ec1c3c5fb7ee32bde1a8a0eed2b884884521bf
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-10-26 04:33:43 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-10-26 04:34:11 +0000

    media-video/ffmpeg: add 4.4.1

    Not yet verified if all the CVEs are fixed.

    Bug: https://bugs.gentoo.org/795696
    Signed-off-by: Sam James <sam@gentoo.org>

 media-video/ffmpeg/Manifest            |   1 +
 media-video/ffmpeg/ffmpeg-4.4.1.ebuild | 555 +++++++++++++++++++++++++++++++++
 2 files changed, 556 insertions(+)
Please clean up.