andrewrk
Unintentional integer overflow
Dear developer: There is a potential integer overflow as indicated by the following function: https://github.com/allyourcodebase/ffmpeg/blob/main/libavcodec/pcm-dvdenc.c#L119
FFmpeg already patched this using the following commit. https://github.com/FFmpeg/FFmpeg/commit/160b81ce2a87b0835125da7c72ab7ed8c0918c45
Do we need to update this vulnerability?
Similar for this one: https://github.com/allyourcodebase/ffmpeg/blob/main/libswscale/swscale.c#L190 also suffer from integer overflow and the library already patched this one https://github.com/FFmpeg/FFmpeg/commit/5f5421ec66f55e186763cf3441c609d6360cfd8e
https://github.com/allyourcodebase/ffmpeg/blob/main/libavcodec/jpegxl_parser.c#L1469 suffers from integer overflow for some malformed files and already be patched by https://github.com/FFmpeg/FFmpeg/commit/0225fe857d0d174e5c2b36642f5e02670f50b444
https://github.com/allyourcodebase/ffmpeg/blob/main/libavcodec/osq.c#L227 suffers from undefined overflows in do_decode() and be patched by undefined overflows in do_decode() and dst[n] *= 256;https://github.com/FFmpeg/FFmpeg/commit/ed34b0c54ebdce7f741d9fb6a9ac11a1816df59c
https://github.com/allyourcodebase/ffmpeg/blob/main/libavcodec/osq.c#L349 suffer from overflow: https://github.com/FFmpeg/FFmpeg/commit/6420c1bf30884d5feb69d0a6f116eaceac02dacc
https://github.com/allyourcodebase/ffmpeg/blob/main/libavcodec/vvc_parser.c#L147 suffer from this https://github.com/FFmpeg/FFmpeg/commit/f499503073804e55540cad13743849a791449a98
This is a security found by fuzz: https://github.com/allyourcodebase/ffmpeg/blob/main/libavcodec/jpegxl_parser.c#L1161 patched by https://github.com/FFmpeg/FFmpeg/commit/7b20985d8d886fb32badc94f8d210bb596b19c2d
https://github.com/allyourcodebase/ffmpeg/blob/main/libavutil/timecode.c#L53 suffers from https://github.com/FFmpeg/FFmpeg/commit/6ba33b50f51b17eef0449f20b3524f174dc9c3cc