* Wed Feb 19 2025 qzhao@suse.com
- Add ffmpeg-CVE-2025-22921.patch:
Backporting 7f9c7f98 from upstream, clear array length when
freeing it.
(CVE-2025-22921, bsc#1237382)
* Wed Feb 19 2025 qzhao@suse.com
- Add ffmpeg-CVE-2025-0518.patch:
Backporting b5b6391d from upstream, fixes memory data leak when
use sscanf().
(CVE-2025-0518, bsc#1236007)
* Wed Feb 19 2025 qzhao@suse.com
- Add ffmpeg-CVE-2025-22919.patch:
Backporting 1446e37d from upstream, check for valid sample rate
As the sample rate <= 0 is invalid.
(CVE-2025-22919, bsc#1237371)
* Wed Feb 19 2025 qzhao@suse.com
- Add ffmpeg-CVE-2024-12361.patch:
Backport 4065ff69 from upstream, add check for av_packet_new_side_data()
to avoid null pointer dereference if allocation fails.
(CVE-2024-12361, bsc#1237358)
* Wed Feb 19 2025 qzhao@suse.com
- Add ffmpeg-CVE-2024-36613.patch:
Backport 50d8e4f2 from upstream, Adjust order of operations
around block align.
(CVE-2024-36613, bsc#1235092)
* Wed Feb 19 2025 qzhao@suse.com
- Add ffmpeg-CVE-2024-35365.patch:
Backport ced5c5fdb from upstream, Fix double-free on error.
(CVE-2024-35365, bsc#1235091)
* Wed Feb 19 2025 qzhao@suse.com
- Add ffmpeg-CVE-2024-35368.patch:
Backport 45133009 from upstream, After having created the
AVBuffer that is put into frame->buf[0], ownership of several
objects Fix double-free on the AVFrame is unreferenced.
(CVE-2024-35368, bsc#1234028)
* Wed Feb 19 2025 qzhao@suse.com
- Add ffmpeg-CVE-2023-51793.patch:
Backporting 0ecc1f0e from upstream, Fix odd height handling, Fix
out of array access.
(CVE-2023-51793, bsc#1223272).
* Wed Feb 19 2025 qzhao@suse.com
- Add ffmpeg-CVE-2023-51793-shim.patch:
Backport part of 1b20853f and f0dd5c00, avfilter/internal: Factor
out executing a filter's execute_func; avfilter/vf_weave: add slice
threading support; To prepare for CVE-2023-51793 fix.
(CVE-2023-51793, bsc#1223272).
Version: 3.4.2-150200.11.57.1
* Fri Aug 09 2024 qzhao@suse.com
- Add ffmpeg-CVE-2023-51798.patch:
Backporting 68146f06 from upstream, Check pts before division.
(CVE-2023-51798 bsc#1223304)
* Thu Aug 08 2024 qzhao@suse.com
- Add ffmpeg-CVE-2021-38291.patch:
Backporting e01d306c from upstream, : don't return negative values
in av_get_audio_frame_duration().
(CVE-2021-38291, bsc#1189428)
* Wed Aug 07 2024 qzhao@suse.com
- Add ffmpeg-CVE-2020-22027.patch:
Backporting e787f8fd from upstream, check if width is 1.
(CVE-2020-22027, bsc#1186607)
* Wed Aug 07 2024 qzhao@suse.com
- Add ffmpeg-CVE-2020-22027-shim-273edb2f.patch:
Backporting 273edb2f from upstream, rewrite without using temp
memory to prepare dependence code for CVE-2020-22027.
(CVE-2020-22027, bsc#1186607)
Version: 3.4.2-150200.11.41.1
* Fri Apr 19 2024 qzhao@suse.com
- Add ffmpeg-CVE-2024-31578.patch:
Backporting ab0fdaed from upstream, Fix heap use after free when
vulkan_frames_init failed.
(CVE-2024-31578 bsc#1223070)
* Wed Apr 10 2024 qzhao@suse.com
- Add ffmpeg-CVE-2023-49502.patch
Backporting 737ede40 from upstream, Adjusts the logic to consider
the chroma planes and makes the change to all three bwdif
implementations.
(CVE-2023-49502 bsc#1223235)
Version: 3.4.2-150200.11.25.1
* Fri Jan 20 2023 alynx.zhou@suse.com
- Add ffmpeg-CVE-2022-3341.patch: Backport from upstream to fix
null pointer dereference in decode_main_header() in
libavformat/nutdec.c (bsc#1206778).
* Wed Jan 18 2023 alynx.zhou@suse.com
- Add ffmpeg-CVE-2019-13390.patch: Backport from upstream to fix
division by zero at adx_write_trailer in libavformat/rawenc.c
(bsc#1140754).
Version: 3.4.2-11.8.2
* Thu Aug 12 2021 alynx.zhou@suse.com
- Add ffmpeg-CVE-2020-21688.patch: Backport from upstream to fix
a heap-use-after-free in the av_freep function in libavutil/mem.c
of FFmpeg 4.2 allows attackers to execute arbitrary code
(bsc#1189348).
- Add ffmpeg-CVE-2020-21697.patch: Backport from upstream to fix
a heap-use-after-free in the mpeg_mux_write_packet function in
libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of
service (DOS) via a crafted avi file (bsc#1189350).
- Add ffmpeg-CVE-2021-38114.patch: Backport from upstream to fix
the return value of the init_vlc function is not checked
(bsc#1189142).
* Wed Jul 07 2021 alynx.zhou@suse.com
- Add ffmpeg-CVE-2019-9721.patch: Backport from upstream to fix
denial of service in the subtitle decoder in handle_open_brace
from libavcodec/htmlsubtitles.c (bsc#1129714).
- Add ffmpeg-CVE-2020-22046.patch: Backport from upstream to fix
a denial of service vulnerability exists in FFmpeg 4.2 due to
a memory leak in the avpriv_float_dsp_allocl function in
libavutil/float_dsp.c (bsc#1186849).
- Add ffmpeg-CVE-2020-22048.patch: Backport from upstream to fix
a denial of service vulnerability exists in FFmpeg 4.2 due to
a memory leak in the ff_frame_pool_get function in framepool.c
(bsc#1186859).
- Add ffmpeg-CVE-2020-22049.patch: Backport from upstream to fix
a denial of service vulnerability exists in FFmpeg 4.2 due to
a memory leak in the wtvfile_open_sector function in wtvdec.c
(bsc#1186861).
- Add ffmpeg-CVE-2020-22054.patch: Backport from upstream to fix
a denial of service vulnerability exists in FFmpeg 4.2 due to
a memory leak in the av_dict_set function in dict.c
(bsc#1186863).
Version: 3.4.2-11.3.1
* Fri Jun 25 2021 alynx.zhou@suse.com
- Add ffmpeg-CVE-2020-13904.patch: Backport from upstream to fix
use-after-free via a crafted EXTINF duration in an m3u8 file
(bsc#1172640).
- Add ffmpeg-CVE-2020-21041.patch: Backport from upstream to fix
buffer overflow vulnerability via apng_do_inverse_blend in
libavcodec/pngenc.c (bsc#1186406).
- Add ffmpeg-CVE-2019-17539.patch: Backport from upstream to fix
NULL pointer dereference in avcodec_open2 in libavcodec/utils.c
(bsc# 1154065).
- Add ffmpeg-CVE-2020-22026.patch: Backport from upstream to fix
buffer overflow vulnerability exists in config_input() at
libavfilter/af_tremolo.c (bsc#1186583).
- Add ffmpeg-CVE-2020-22021.patch: Backport from upstream to fix
buffer overflow vulnerability in filter_edges function in
libavfilter/vf_yadif.c (bsc#1186586).
- Add ffmpeg-CVE-2020-22020.patch: Backport from upstream to fix
buffer overflow vulnerability in build_diff_map() in
libavfilter/vf_fieldmatch.c (bsc#1186587).
- Add ffmpeg-CVE-2020-22015.patch: Backport from upstream to fix
buffer overflow vulnerability in mov_write_video_tag() due to
the out of bounds in libavformat/movenc.c (bsc#1186596).
- Add ffmpeg-CVE-2020-22016.patch: Backport from upstream to fix
a heap-based Buffer Overflow vulnerability at
libavcodec/get_bits.h when writing .mov files (bsc#1186598).
- Add ffmpeg-CVE-2020-22017.patch: Backport from upstream to fix
a heap-based Buffer Overflow vulnerability exists in
ff_fill_rectangle() in libavfilter/drawutils.c (bsc#1186600).
- Add ffmpeg-CVE-2020-22022.patch: Backport from upstream to fix
a heap-based Buffer Overflow vulnerability exists in
filter_frame at libavfilter/vf_fieldorder.c (bsc#1186603,
bsc#1190728, CVE-2020-22022, CVE-2020-20901).
- Add ffmpeg-CVE-2020-22023.patch: Backport from upstream to fix
a heap-based Buffer Overflow vulnerability exists in
filter_frame at libavfilter/vf_bitplanenoise.c (bsc#1186604)
- Add ffmpeg-CVE-2020-22025.patch: Backport from upstream to fix
a heap-based Buffer Overflow vulnerability exists in
gaussian_blur at libavfilter/vf_edgedetect.c (bsc#1186605,
bsc#1190721, CVE-2020-22025, CVE-2020-20894).
- Add ffmpeg-CVE-2020-22031.patch: Backport from upstream to fix
a heap-based Buffer Overflow vulnerability exists at
libavfilter/vf_w3fdif.c in filter16_complex_low()
(bsc#1186613).
- Add ffmpeg-CVE-2020-22032.patch: Backport from upstream to fix
a heap-based Buffer Overflow vulnerability exists at
libavfilter/vf_edgedetect.c in gaussian_blur() (bsc#1186614,
bsc#1190727, CVE-2020-22032, CVE-2020-20900).
- Add ffmpeg-CVE-2020-22033.patch: Backport from upstream to fix
a heap-based Buffer Overflow Vulnerability exists at
libavfilter/vf_vmafmotion.c in convolution_y_8bit()
(CVE-2020-22033) and buffer overflow vulnerability in
convolution_y_10bit() in libavfilter/vf_vmafmotion.c
(CVE-2020-22019) (bsc#1186615, bsc#1186597).
- Add ffmpeg-CVE-2020-22034.patch: Backport from upstream to fix
a heap-based Buffer Overflow vulnerability exists at
libavfilter/vf_floodfill.c (bsc#1186616).
- Add ffmpeg-CVE-2020-20451.patch: Backport from upstream to fix
denial of service issue due to resource management errors via
fftools/cmdutils.c (bsc#1186658).
- Add ffmpeg-CVE-2020-20448.patch: Backport from upstream to fix
divide by zero issue via libavcodec/ratecontrol.c
(bsc#1186660).
- Add ffmpeg-CVE-2020-22038.patch: Backport from upstream to fix
denial of service vulnerability exists due to a memory leak in
the ff_v4l2_m2m_create_context function in v4l2_m2m.c
(bsc#1186757).
- Add ffmpeg-CVE-2020-22039.patch: Backport from upstream to fix
denial of service vulnerability exists due to a memory leak in
the inavi_add_ientry function (bsc#1186758).
- Add ffmpeg-CVE-2020-22043.patch: Backport from upstream to fix
denial of service vulnerability exists due to a memory leak at
the fifo_alloc_common function in libavutil/fifo.c
(bsc#1186762).
- Add ffmpeg-CVE-2020-22044.patch: Backport from upstream to fix
denial of service vulnerability exists due to a memory leak in
the url_open_dyn_buf_internal function in
libavformat/aviobuf.c (bsc#1186763).
Version: 3.4.2-11.17.1
* Thu Oct 14 2021 alynx.zhou@suse.com
- Add ffmpeg-CVE-2021-38094.patch: Backport from upstream to fix
integer overflow vulnerability in function filter_sobel in
libavfilter/vf_convolution.c (bsc#1190735, bsc#1190734,
bsc#1190733, bsc#1190724, bsc#1190731, bsc#1190732,
CVE-2021-38094, CVE-2021-38093, CVE-2021-38092, CVE-2020-20898,
CVE-2021-38090, CVE-2021-38091).
- Add ffmpeg-CVE-2020-22037.patch: Backport from upstream to fix
denial of service vulnerability exists due to a memory leak in
avcodec_alloc_context3 at options.c (bsc#1186756).
- Add ffmpeg-CVE-2021-3566.patch: Backport from upstream to fix
exposure of sensitive information on ffmpeg version prior to 4.3
(bsc#1189166).
- Add ffmpeg-CVE-2020-35965.patch: Backport from upstream to fix
out-of-bounds write in decode_frame in libavcodec/exr.c
(bsc#1187852).
- Add ffmpeg-CVE-2020-20892.patch: Backport from upstream to fix
an issue was discovered in function filter_frame in
libavfilter/vf_lenscorrection.c (bsc#1190719).
- Add ffmpeg-CVE-2020-20891.patch: Backport from upstream to fix
buffer overflow vulnerability in function config_input in
libavfilter/vf_gblur.c (bsc#1190718).
- Add ffmpeg-CVE-2020-20895.patch: Backport from upstream to fix
buffer overflow vulnerability in function
filter_vertically_##name in libavfilter/vf_avgblur.c
(bsc#1190722).
- Add ffmpeg-CVE-2020-20896.patch: Backport from upstream to fix
an issue was discovered in function latm_write_packet in
libavformat/latmenc.c (bsc#1190723).
- Add ffmpeg-CVE-2020-20899.patch: Backport from upstream to fix
buffer overflow vulnerability in function config_props in
libavfilter/vf_bwdif.c (bsc#1190726).
- Add ffmpeg-CVE-2020-20902.patch: Backport from upstream to fix
out-of-bounds read vulnerability exists in long_term_filter
function in g729postfilter.c (bsc#1190729).