![](https://seccdn.libravatar.org/avatar/128a7b98d536a9cf9b4d4d5a90d63475.jpg?s=120&d=mm&r=g)
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ffmpeg-4 for openSUSE:Factory checked in at 2022-12-24 14:51:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ffmpeg-4 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg-4.new.1563 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ffmpeg-4" Sat Dec 24 14:51:17 2022 rev:56 rq:1044594 version:4.4.3 Changes: -------- --- /work/SRC/openSUSE:Factory/ffmpeg-4/ffmpeg-4.changes 2022-11-17 17:23:58.596897884 +0100 +++ /work/SRC/openSUSE:Factory/.ffmpeg-4.new.1563/ffmpeg-4.changes 2022-12-24 14:52:02.671545127 +0100 @@ -1,0 +2,6 @@ +Fri Dec 23 08:09:25 UTC 2022 - Alynx Zhou <alynx.zhou@suse.com> + +- Add ffmpeg-CVE-2022-3109.patch: Backport from upstream to fix + null pointer dereference in vp3_decode_frame() (bsc#1206442). + +------------------------------------------------------------------- New: ---- ffmpeg-CVE-2022-3109.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ffmpeg-4.spec ++++++ --- /var/tmp/diff_new_pack.4BFW6r/_old 2022-12-24 14:52:03.639550775 +0100 +++ /var/tmp/diff_new_pack.4BFW6r/_new 2022-12-24 14:52:03.647550821 +0100 @@ -121,6 +121,7 @@ Patch10: ffmpeg-chromium.patch Patch11: ffmpeg-libglslang-detection.patch Patch12: ffmpeg-CVE-2022-3964.patch +Patch13: ffmpeg-CVE-2022-3109.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: libmp3lame-devel ++++++ ffmpeg-CVE-2022-3109.patch ++++++ diff --unified --recursive --text --new-file --color ffmpeg-4.4.3.old/libavcodec/vp3.c ffmpeg-4.4.3.new/libavcodec/vp3.c --- ffmpeg-4.4.3.old/libavcodec/vp3.c 2022-10-10 03:04:38.000000000 +0800 +++ ffmpeg-4.4.3.new/libavcodec/vp3.c 2022-12-23 16:25:47.902576459 +0800 @@ -2683,8 +2683,13 @@ if ((ret = ff_thread_get_buffer(avctx, &s->current_frame, AV_GET_BUFFER_FLAG_REF)) < 0) goto error; - if (!s->edge_emu_buffer) + if (!s->edge_emu_buffer) { s->edge_emu_buffer = av_malloc(9 * FFABS(s->current_frame.f->linesize[0])); + if (!s->edge_emu_buffer) { + ret = AVERROR(ENOMEM); + goto error; + } + } if (s->keyframe) { if (!s->theora) {