Overview

File ffmpeg-4-CVE-2025-0518.patch of Package ffmpeg-4

From b5b6391d64807578ab872dc58fb8aa621dcfc38a Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Mon, 6 Jan 2025 22:01:39 +0100
Subject: [PATCH] avfilter/af_pan: Fix sscanf() use

Fixes: Memory Data Leak

Found-by: Simcha Kosman <simcha.kosman@cyberark.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavfilter/af_pan.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c
index 0d20b0307b..5feb2439c7 100644
--- a/libavfilter/af_pan.c
+++ b/libavfilter/af_pan.c
@@ -196,7 +196,7 @@ static av_cold int init(AVFilterContext *ctx)
         sign = 1;
         while (1) {
             gain = 1;
-            if (sscanf(arg, "%lf%n *%n", &gain, &len, &len))
+            if (sscanf(arg, "%lf%n *%n", &gain, &len, &len) >= 1)
                 arg += len;
             if (parse_channel_name(&arg, &in_ch_id, &named)){
                 av_log(ctx, AV_LOG_ERROR,
-- 
2.44.0
openSUSE Build Service is sponsored by
Places