Bug 33524 - ffmpeg new security issues CVE-2024-7055, CVE-2024-7272
Summary: ffmpeg new security issues CVE-2024-7055, CVE-2024-7272
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2024-09-05 17:11 CEST by Nicolas Salguero
Modified: 2024-09-09 21:00 CEST
5 users

See Also:
Source RPM: ffmpeg-5.1.5-1.mga9.src.rpm
CVE: CVE-2024-7055, CVE-2024-7272
Status comment:



Description Nicolas Salguero 2024-09-05 17:11:09 CEST
Debian has issued an advisory on August 14:
https://lwn.net/Articles/985600/
Nicolas Salguero 2024-09-05 17:11:42 CEST

Source RPM: (none) => ffmpeg-5.1.5-3.mga10.src.rpm
Status comment: (none) => Fixed upstream in 5.1.6
CVE: (none) => CVE-2024-7055, CVE-2024-7272
Whiteboard: (none) => MGA9TOO

Comment 1 Nicolas Salguero 2024-09-06 14:23:59 CEST
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. (CVE-2024-7055)

A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. (CVE-2024-7272)

References:
https://lwn.net/Articles/985600/
========================

Updated packages in core/updates_testing:
========================
ffmpeg-5.1.6-1.mga9
lib(64)avcodec59-5.1.6-1.mga9
lib(64)avfilter8-5.1.6-1.mga9
lib(64)avformat59-5.1.6-1.mga9
lib(64)avutil57-5.1.6-1.mga9
lib(64)ffmpeg-devel-5.1.6-1.mga9
lib(64)ffmpeg-static-devel-5.1.6-1.mga9
lib(64)postproc56-5.1.6-1.mga9
lib(64)swresample4-5.1.6-1.mga9
lib(64)swscaler6-5.1.6-1.mga9

from SRPM:
ffmpeg-5.1.6-1.mga9.src.rpm

Updated packages in tainted/updates_testing:
========================
ffmpeg-5.1.6-1.mga9.tainted
lib(64)avcodec59-5.1.6-1.mga9.tainted
lib(64)avfilter8-5.1.6-1.mga9.tainted
lib(64)avformat59-5.1.6-1.mga9.tainted
lib(64)avutil57-5.1.6-1.mga9.tainted
lib(64)ffmpeg-devel-5.1.6-1.mga9.tainted
lib(64)ffmpeg-static-devel-5.1.6-1.mga9.tainted
lib(64)postproc56-5.1.6-1.mga9.tainted
lib(64)swresample4-5.1.6-1.mga9.tainted
lib(64)swscaler6-5.1.6-1.mga9.tainted

from SRPM:
ffmpeg-5.1.6-1.mga9.tainted.src.rpm

Source RPM: ffmpeg-5.1.5-3.mga10.src.rpm => ffmpeg-5.1.5-1.mga9.src.rpm
Status: NEW => ASSIGNED
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Severity: normal => critical
Status comment: Fixed upstream in 5.1.6 => (none)

Nicolas Salguero 2024-09-06 14:33:07 CEST

Assignee: bugsquad => qa-bugs

katnatek 2024-09-06 20:08:29 CEST

Keywords: (none) => advisory

Comment 2 katnatek 2024-09-07 19:15:40 CEST
RH x86_64

Update to core packages

LC_ALL=C urpmi --auto --auto-update
adding 66 new rpms not available in existing hdlist
replacing /var/cache/urpmi/partial/synthesis.hdlist.cz with synthesis.hdlist.cz.tmp
updating /var/cache/urpmi/partial/MD5SUM
updated medium "QA Testing (32-bit)"
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date
medium "BDK-Free-x86_64" is up-to-date
medium "BDK-Free-noarch" is up-to-date
medium "BDK-NonFree-x86_64" is up-to-date


installing ffmpeg-5.1.6-1.mga9.x86_64.rpm lib64swresample4-5.1.6-1.mga9.x86_64.rpm lib64avfilter8-5.1.6-1.mga9.x86_64.rpm lib64postproc56-5.1.6-1.mga9.x86_64.rpm lib64swscaler6-5.1.6-1.mga9.x86_64.rpm lib64avutil57-5.1.6-1.mga9.x86_64.rpm lib64avcodec59-5.1.6-1.mga9.x86_64.rpm lib64avformat59-5.1.6-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/8: lib64avutil57         ##################################################################################################
      2/8: lib64swresample4      ##################################################################################################
      3/8: lib64avcodec59        ##################################################################################################
      4/8: lib64postproc56       ##################################################################################################
      5/8: lib64swscaler6        ##################################################################################################
      6/8: lib64avfilter8        ##################################################################################################
      7/8: lib64avformat59       ##################################################################################################
      8/8: ffmpeg                ##################################################################################################
      1/8: removing ffmpeg-5.1.5-1.mga9.tainted.x86_64
                                 ##################################################################################################
      2/8: removing lib64avfilter8-5.1.5-1.mga9.tainted.x86_64
                                 ##################################################################################################
      3/8: removing lib64avformat59-5.1.5-1.mga9.tainted.x86_64
                                 ##################################################################################################
      4/8: removing lib64avcodec59-5.1.5-1.mga9.tainted.x86_64
                                 ##################################################################################################
      5/8: removing lib64swresample4-5.1.5-1.mga9.tainted.x86_64
                                 ##################################################################################################
      6/8: removing lib64postproc56-5.1.5-1.mga9.tainted.x86_64
                                 ##################################################################################################
      7/8: removing lib64swscaler6-5.1.5-1.mga9.tainted.x86_64
                                 ##################################################################################################
      8/8: removing lib64avutil57-5.1.5-1.mga9.tainted.x86_64
                                 ##################################################################################################

Play video and audio files with ffplay OK
Comment 3 katnatek 2024-09-07 19:23:47 CEST
RH x86_64

Update to tainted packages

LC_ALL=C urpmi --auto --auto-update
adding 66 new rpms not available in existing hdlist
replacing /var/cache/urpmi/partial/synthesis.hdlist.cz with synthesis.hdlist.cz.tmp
updating /var/cache/urpmi/partial/MD5SUM
updated medium "QA Testing (32-bit)"
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date

installing lib64avformat59-5.1.6-1.mga9.tainted.x86_64.rpm lib64avfilter8-5.1.6-1.mga9.tainted.x86_64.rpm lib64avcodec59-5.1.6-1.mga9.tainted.x86_64.rpm ffmpeg-5.1.6-1.mga9.tainted.x86_64.rpm lib64postproc56-5.1.6-1.mga9.tainted.x86_64.rpm lib64swresample4-5.1.6-1.mga9.tainted.x86_64.rpm lib64avutil57-5.1.6-1.mga9.tainted.x86_64.rpm lib64swscaler6-5.1.6-1.mga9.tainted.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/8: lib64avutil57         ##################################################################################################
      2/8: lib64swresample4      ##################################################################################################
      3/8: lib64avcodec59        ##################################################################################################
      4/8: lib64postproc56       ##################################################################################################
      5/8: lib64swscaler6        ##################################################################################################
      6/8: lib64avfilter8        ##################################################################################################
      7/8: lib64avformat59       ##################################################################################################
      8/8: ffmpeg                ##################################################################################################
      1/8: removing ffmpeg-5.1.6-1.mga9.x86_64
                                 ##################################################################################################
      2/8: removing lib64avformat59-5.1.6-1.mga9.x86_64
                                 ##################################################################################################
      3/8: removing lib64avfilter8-5.1.6-1.mga9.x86_64
                                 ##################################################################################################
      4/8: removing lib64avcodec59-5.1.6-1.mga9.x86_64
                                 ##################################################################################################
      5/8: removing lib64swresample4-5.1.6-1.mga9.x86_64
                                 ##################################################################################################
      6/8: removing lib64postproc56-5.1.6-1.mga9.x86_64
                                 ##################################################################################################
      7/8: removing lib64swscaler6-5.1.6-1.mga9.x86_64
                                 ##################################################################################################
      8/8: removing lib64avutil57-5.1.6-1.mga9.x86_64
                                 ##################################################################################################

Play video and audio files with ffplay OK
Convert mp4 to avi OK
Comment 4 Brian Rockwell 2024-09-07 20:47:38 CEST
MGA9-64

Converted one video file without issue.  Converted flac to mp3 without issue.

Seems to be working for me.

CC: (none) => brtians1

Comment 5 Brian Rockwell 2024-09-07 20:48:25 CEST
MGA9-64

Converted one video file without issue.  Converted flac to mp3 without issue.

Seems to be working for me.
Comment 6 Len Lawrence 2024-09-07 21:31:38 CEST
mga9, x64
Downgraded ffmpeg-tainted to ffmpeg.
$ sudo urpmi --downgrade --search-media "Core Release" ffmpeg
The conversion facility works fine before update.

CVE-2024-7055 & CVE-2024-7272
https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3
The GitHub report covers a pre-configuration step for a test version/framework called ffmpeg_g which we have to ignore.  Hopefully the simpler PoC test is valid.
$ ffmpeg -i poc3 test.mkv
[...]
Input #0, pfm_pipe, from './poc3':
  Duration: N/A, bitrate: N/A
  Stream #0:0: Video: pfm, gbrpf32le, 1971x96665, 25 fps, 25 tbr, 25 tbn
Stream mapping:
  Stream #0:0 -> #0:0 (pfm (native) -> mpeg4 (native))
Press [q] to stop, [?] for help
Segmentation fault (core dumped)

Downloaded poc5 and poc6 and tested the conversion option on them.

$ ffmpeg -i poc5 test2.mkv
[...]
[auto_aresample_0 @ 0x228ee80] [SWR @ 0x228efc0] Input channel layout "384 channels" is invalid or unsupported.
[auto_aresample_0 @ 0x228ee80] [SWR @ 0x228efc0] Output channel layout "384 channels" is invalid or unsupported.
Segmentation fault (core dumped)

$ ffmpeg -i poc6 test3.mkv
<Same result as poc5>

Updated the free packages > qarepo & drakrpm-update.

$ ffmpeg -i poc3 after3.mkv
[...]
Input #0, pfm_pipe, from 'poc3':
  Duration: N/A, bitrate: N/A
  Stream #0:0: Video: pfm, gbrpf32le, 1971x96665, 25 fps, 25 tbr, 25 tbn
Stream mapping:
  Stream #0:0 -> #0:0 (pfm (native) -> mpeg4 (native))
Press [q] to stop, [?] for help
Error while decoding stream #0:0: Invalid data found when processing input
[mpeg4 @ 0x17a7100] dimensions too large for MPEG-4
Error initializing output stream 0:0 -- Error while opening encoder for output stream #0:0 - maybe incorrect parameters such as bit_rate, rate, width or height
Conversion failed!

No segfault and exploit trapped and empty file created.
Similar results for the other two PoC.

$ ffmpeg -i poc5 after5.mkv
[...]
[auto_aresample_0 @ 0x141ae80] [SWR @ 0x141afc0] Input channel layout "384 channels" is invalid or unsupported.
[auto_aresample_0 @ 0x141ae80] Failed to configure output pad on auto_aresample_0
Error reinitializing filters!
Failed to inject frame into filter network: Invalid argument
Error while processing the decoded data for stream #0:0
Conversion failed!

More or less the same for poc6.

CC: (none) => tarazed25
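The before/after runs in comment 6 are the useful regression signal for this update: the unpatched decoder dies with a segfault, the patched one rejects the input with "Conversion failed!". The following is an added example (not code from the bug report, Mageia QA or the ffmpeg project) that automates that distinction so a tester can run a directory of malformed sample files and get a verdict per file. It assumes an ffmpeg binary on PATH for `run_conversion`; `classify` itself is pure and works on the exit status plus stderr text. The sample stderr strings are constructed from the output quoted in the comment above; `-nostdin`, `-y` and `-i` are standard ffmpeg options.

```python
"""Regression check for a patched ffmpeg: tell a decoder that rejects a
malformed input cleanly apart from one that crashes.

Added example; not part of the Mageia bug report or of ffmpeg itself.
"""
import signal
import subprocess
from dataclasses import dataclass


@dataclass
class Outcome:
    verdict: str   # "ok", "rejected", "crash" or "hang"
    detail: str


def classify(returncode: int, stderr: str) -> Outcome:
    """Map an ffmpeg exit status and its stderr to a test verdict.

    A patched decoder may still fail the conversion (the bug shows
    "Conversion failed!" after the update); that is a clean rejection,
    not a crash. Only death by signal, or a segfault message printed by
    a wrapping shell, counts as a crash.
    """
    if returncode < 0:
        # subprocess reports death-by-signal as the negated signal number
        try:
            name = signal.Signals(-returncode).name
        except ValueError:
            name = f"signal {-returncode}"
        return Outcome("crash", f"process killed by {name}")
    if "Segmentation fault" in stderr:
        # seen when the run went through a shell that prints the message itself
        return Outcome("crash", "segfault reported in stderr")
    if returncode == 0:
        return Outcome("ok", "conversion succeeded")
    for marker in ("Conversion failed!", "Invalid data found when processing input"):
        if marker in stderr:
            return Outcome("rejected", marker)
    return Outcome("rejected", f"non-zero exit status {returncode}")


def run_conversion(input_path: str, output_path: str, timeout: int = 60) -> Outcome:
    """Run one conversion (needs ffmpeg on PATH) and classify the result."""
    cmd = ["ffmpeg", "-nostdin", "-y", "-i", input_path, output_path]
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return Outcome("hang", f"no exit within {timeout}s")
    return classify(proc.returncode, proc.stderr)


# Constructed samples, assembled from the output quoted in comment 6.
STDERR_BEFORE_UPDATE = (
    "Stream mapping:\n"
    "  Stream #0:0 -> #0:0 (pfm (native) -> mpeg4 (native))\n"
    "Segmentation fault (core dumped)\n"
)
STDERR_AFTER_UPDATE = (
    "Error while decoding stream #0:0: Invalid data found when processing input\n"
    "[mpeg4 @ 0x17a7100] dimensions too large for MPEG-4\n"
    "Conversion failed!\n"
)


def demo() -> dict:
    """Classify the constructed samples: -11 is how subprocess reports SIGSEGV."""
    return {
        "before": classify(-11, STDERR_BEFORE_UPDATE).verdict,   # "crash"
        "after": classify(1, STDERR_AFTER_UPDATE).verdict,       # "rejected"
        "clean": classify(0, "").verdict,                         # "ok"
    }


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label}: {verdict}")
```

Run it over a directory of sample inputs and anything still reported as "crash" or "hang" after the update is worth a follow-up report; "rejected" with an empty output file is the expected result for the poc files described above.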

Comment 7 Len Lawrence 2024-09-07 22:53:02 CEST
This is a command I use quite frequently to merge subtitle tracks with downloaded BBC TV programmes.

$ ffmpeg -n -i Borrowdale.mp4 -f srt -i Borrowdale.srt -c:s mov_text -metadata:s:s:0 language=eng -c:v copy -c:a copy Borrowdale_st.mp4

That worked fine.  Tested the output file with vlc.  The subtitles showed up bright and clear.
Comment 8 PC LX 2024-09-08 11:45:17 CEST
Installed and tested tainted version without issues.

Tested tainted version:
- Video/audio decoding/encoding;
- Video/audio remuxing and adding subtitles;
- X11 screen and pipewire audio capture;
- Video downloading from m3u8 playlist.


System: Mageia 9, x86_64, Plasma DE, AMD Ryzen 5 5600G with Radeon Graphics using amdgpu driver.



$ uname -a
Linux jupiter 6.6.43-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Sat Jul 27 17:18:39 UTC 2024 x86_64 GNU/Linux
$ rpm -qa | grep 5.1.6-1.mga9.tainted | sort
ffmpeg-5.1.6-1.mga9.tainted
lib64avcodec59-5.1.6-1.mga9.tainted
lib64avfilter8-5.1.6-1.mga9.tainted
lib64avformat59-5.1.6-1.mga9.tainted
lib64avutil57-5.1.6-1.mga9.tainted
lib64postproc56-5.1.6-1.mga9.tainted
lib64swresample4-5.1.6-1.mga9.tainted
lib64swscaler6-5.1.6-1.mga9.tainted

CC: (none) => mageia
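Comment 1 lists the binary packages rebuilt from the fixed SRPM (core and tainted flavours) and comment 8 verifies them by hand with `rpm -qa | grep`. As an added example (not code from the bug report or from Mageia), the script below turns that manual check into an audit: it parses an `rpm -qa` listing, picks out the ffmpeg-family packages, and reports any whose version-release predates 5.1.6-1.mga9 (or 5.1.6-1.mga9.tainted for the tainted builds), using an RPM-style version comparison rather than a string match so that 5.1.10 would correctly sort after 5.1.6. It assumes the default `rpm -qa` output shape `name-version-release` with no epoch; the listing embedded in the block is constructed, mixing patched entries from the comment above with deliberately old ones.

```python
"""Audit an `rpm -qa` listing for FFmpeg packages that predate the Mageia 9
fix tracked in this bug (5.1.6-1.mga9 / 5.1.6-1.mga9.tainted).

Added example; not part of the bug report or the Mageia ffmpeg package.
"""
import re
import shutil
import subprocess
from typing import Optional

# Fixed version and release, from the package list in comment 1.
FIXED_VERSION = "5.1.6"
FIXED_RELEASE = {"core": "1.mga9", "tainted": "1.mga9.tainted"}

# Base names of the packages built from the ffmpeg SRPM (lib/lib64 prefix stripped).
FFMPEG_PACKAGES = {
    "ffmpeg", "avcodec59", "avfilter8", "avformat59", "avutil57",
    "ffmpeg-devel", "ffmpeg-static-devel", "postproc56", "swresample4",
    "swscaler6",
}

_SEG = re.compile(r"\d+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version (or release) strings the way rpm does:
    numeric segments numerically, alpha segments lexically, a numeric
    segment beats an alpha one, and '~' sorts before anything else
    (so 5.1.6~rc1 < 5.1.6). Returns -1, 0 or 1. ('^' is not handled.)"""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x == "~":
            return -1
        if y == "~":
            return 1
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            xi, yi = int(x), int(y)   # int() also drops leading zeros
            if xi != yi:
                return -1 if xi < yi else 1
            continue
        if xd != yd:
            return 1 if xd else -1
        return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    a_longer = len(sa) > len(sb)
    rest = sa[len(sb):] if a_longer else sb[len(sa):]
    if rest[0] == "~":            # extra "~..." suffix makes that side older
        return -1 if a_longer else 1
    return 1 if a_longer else -1  # otherwise the longer one is newer


def split_nevr(pkg: str) -> tuple[str, str, str]:
    """'lib64avcodec59-5.1.6-1.mga9.tainted' -> (name, version, release)."""
    name, version, release = pkg.rsplit("-", 2)
    return name, version, release


def ffmpeg_family(name: str) -> bool:
    """True for ffmpeg itself and its lib/lib64 sub-packages."""
    return re.sub(r"^lib(64)?", "", name) in FFMPEG_PACKAGES


def is_vulnerable(pkg: str) -> Optional[bool]:
    """None if pkg is not an ffmpeg build; True if it is older than the fix
    for its flavour (core or tainted)."""
    name, version, release = split_nevr(pkg)
    if not ffmpeg_family(name):
        return None
    flavour = "tainted" if release.endswith(".tainted") else "core"
    cmp = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE[flavour])
    return cmp < 0


def audit(rpm_qa_output: str) -> list[str]:
    """Return the ffmpeg-family packages in an `rpm -qa` listing that predate the fix."""
    pkgs = [line.strip() for line in rpm_qa_output.splitlines() if line.strip()]
    return [p for p in pkgs if is_vulnerable(p)]


# Constructed listing: two patched tainted packages (as in comment 8), two
# packages still at 5.1.5, and one unrelated package with a placeholder version.
SAMPLE_RPM_QA = """\
ffmpeg-5.1.6-1.mga9.tainted
lib64avcodec59-5.1.6-1.mga9.tainted
lib64avutil57-5.1.5-1.mga9
libswresample4-5.1.5-1.mga9.tainted
someotherpkg-1.0-1.mga9
"""

if __name__ == "__main__":
    listing = SAMPLE_RPM_QA
    if shutil.which("rpm"):   # use the live system when rpm is available
        listing = subprocess.run(["rpm", "-qa"], capture_output=True, text=True).stdout
    for pkg in audit(listing):
        print("UNPATCHED:", pkg)
```

Mixed core and tainted installs are handled by comparing each package against the fixed release of its own flavour; comparing a tainted release string against the core one would otherwise misreport it as newer.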

Comment 9 Thomas Andrews 2024-09-09 02:51:10 CEST
A good variety of tests. Thank you, Everyone!

Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Whiteboard: (none) => MGA9-64-OK
Keywords: (none) => validated_update

Comment 10 Mageia Robot 2024-09-09 21:00:44 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0283.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

