Commit 813d4715 authored 2 years ago by Narpat Mali Committed by Steve Sakoman 2 years ago

ffmpeg: fix for CVE-2022-48434


libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and
other products, leaves stale hwaccel state in worker threads, which
allows attackers to trigger a use-after-free and execute arbitrary
code in some circumstances (e.g., hardware re-initialization upon a
mid-video SPS change when Direct3D11 is used).

(From OE-Core rev: 392f984ffd95bcd3ce4c364b40425e7808ca7719)

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

parent 75239ddd

No related merge requests found

Show whitespace changes

Inline Side-by-side

Showing with 132 additions and 1 deletion

Please register or to comment