FFmpeg-PlusPlus icon indicating copy to clipboard operation
FFmpeg-PlusPlus copied to clipboard
verified publisher icon numberwolf

Add missing check for av_malloc

Open manh-td opened this issue 1 month ago • 0 comments

This PR fixes a security vulnerability in vp3_decode_frame() that was cloned from FFmpeg/FFmpeg but did not receive the security patch.

Vulnerability Details:

  • Affected Function: vp3_decode_frame() in libavcodec/vp3.c
  • Original Fix: https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568

What this PR does: This PR applies the same security patch that was applied to the original repository to eliminate the vulnerability in the cloned code.

References:

  • https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568
  • https://nvd.nist.gov/vuln/detail/CVE-2022-3109

Please review and merge this PR to ensure your repository is protected against this vulnerability.

manh-td avatar Dec 11 '25 08:12 manh-td