From 2baf78ed79617623a9bec30d077c5a8415ea6200 Mon Sep 17 00:00:00 2001
From: happyworker <208suo@208suo.com>
Date: Fri, 19 Dec 2025 15:50:41 +0800
Subject: [PATCH] fix CVE-2020-22015.patch update
---
 CVE-2020-22015.patch | 32 ++++++++++++++++++++++++++++++++
 ffmpeg.spec | 7 ++++++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2020-22015.patch
diff --git a/CVE-2020-22015.patch b/CVE-2020-22015.patch
new file mode 100644
index 0000000..7a29a14
--- /dev/null
+++ b/CVE-2020-22015.patch
@@ -0,0 +1,32 @@
+From 78db8083da582e03a0cdf1024f06bdf4dbd1134f Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer
+Date: Fri, 19 Dec 2025 15:43:27 +0800
+Subject: [PATCH] avformat/movenc: Check pal_size before use
+
+---
+ libavformat/movenc.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/libavformat/movenc.c b/libavformat/movenc.c
+index 1eee034..d586771 100644
+--- a/libavformat/movenc.c
++++ b/libavformat/movenc.c
+@@ -2008,11 +2008,13 @@ static int mov_write_video_tag(AVFormatContext *s, AVIOContext *pb, MOVMuxContex
+ avio_wb16(pb, 0x18); /* Reserved */
+
+ if (track->mode == MODE_MOV && track->par->format == AV_PIX_FMT_PAL8) {
+- int pal_size = 1 << track->par->bits_per_coded_sample;
+- int i;
++ int pal_size, i;
+ avio_wb16(pb, 0); /* Color table ID */
+ avio_wb32(pb, 0); /* Color table seed */
+ avio_wb16(pb, 0x8000); /* Color table flags */
++ if (track->par->bits_per_coded_sample < 0 || track->par->bits_per_coded_sample > 8)
++ return AVERROR(EINVAL);
++ pal_size = 1 << track->par->bits_per_coded_sample;
+ avio_wb16(pb, pal_size - 1); /* Color table size (zero-relative) */
+ for (i = 0; i < pal_size; i++) {
+ uint32_t rgb = track->palette[i];
+-- 
+2.50.1
+
diff --git a/ffmpeg.spec b/ffmpeg.spec
index 804726b..92d1289 100644
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
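Review bot: The embedded patch for libavformat/movenc.c carries no description and no pointer to the upstream change: its header stops at the Subject line, and its From hash and Date (Fri, 19 Dec 2025 15:43:27 +0800) look like those of a local re-export rather than the original commit, so the backport cannot be checked against upstream from this file alone. I would add a short body under the Subject, for example `Reject bits_per_coded_sample outside 0..8 so pal_size cannot exceed 256 before the loop reads track->palette[i].` followed by `Upstream: <UPSTREAM_COMMIT_URL>`. The size of track->palette is not visible in the hunk, so the 256 bound should be confirmed against the track structure's definition before it goes into the message. The new `return AVERROR(EINVAL);` also sits after three color-table fields have already been written to pb, and mov_write_video_tag continues outside the hunk, so it is worth confirming that the caller discards that partial output on error.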
@@ -60,7 +60,7 @@ Summary: Digital VCR and streaming server Name: ffmpeg%{?flavor} Version: 4.2.4 -Release: 24 +Release: 25 License: %{ffmpeg_license} URL: http://ffmpeg.org/ %if 0%{?date} @@ -96,6 +96,7 @@ Patch24: backport-CVE-2024-36617.patch Patch25: backport-CVE-2024-36613.patch Patch26: fix-CVE-2020.patch Patch27: fix-CVE-2020-2.patch +Patch28: CVE-2020-22015.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel} @@ -429,6 +430,10 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir} %changelog +* Fri Dec 19 2025 happyworker <208suo@208suo.com> - 4.2.4-25 +- Fix CVE-2020-22015 + + * Tue Jul 8 2025 happyworker <208suo@208suo.com> - 4.2.4-24 - Fix CVE-2021-38090/CVE-2020-21697/CVE-2020-22042/CVE-2020-21688/CVE-2020-22037/CVE-2020-22051/CVE-2020-22020/CVE-2025-22921/CVE-2025-22919 -- Gitee