[Buildroot] [PATCH 1/1] package/libsndfile: add upstream security fixes

Peter Korsgaard peter at korsgaard.com
Wed Apr 8 11:42:27 UTC 2020


>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > - Fix CVE-2017-6892: In libsndfile version 1.0.28, an error in the
 >   "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an
 >   out-of-bounds read memory access via a specially crafted AIFF file.

 > - Fix CVE-2017-8361: The flac_buffer_copy function in flac.c in
 >   libsndfile 1.0.28 allows remote attackers to cause a denial of service
 >   (buffer overflow and application crash) or possibly have unspecified
 >   other impact via a crafted audio file.

 > - Fix CVE-2017-8362: The flac_buffer_copy function in flac.c in
 >   libsndfile 1.0.28 allows remote attackers to cause a denial of service
 >   (invalid read and application crash) via a crafted audio file.

 > - Fix CVE-2017-8363: The flac_buffer_copy function in flac.c in
 >   libsndfile 1.0.28 allows remote attackers to cause a denial of service
 >   (heap-based buffer over-read and application crash) via a crafted
 >   audio file.

 > - Fix CVE-2017-8365: The i2les_array function in pcm.c in
 >   libsndfile 1.0.28 allows remote attackers to cause a denial of service
 >   (buffer over-read and application crash) via a crafted audio file.

 > - Fix CVE-2017-12562: Heap-based Buffer Overflow in the
 >   psf_binheader_writef function in common.c in libsndfile through 1.0.28
 >   allows remote attackers to cause a denial of service (application
 >   crash) or possibly have unspecified other impact.

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed to 2019.02.x, 2019.11.x and 2020.02.x, thanks.

-- 
Bye, Peter Korsgaard

