Dirk Mueller
020ed5f8a8
- Added patches:
* CVE-2017-11332.patch: Fixed the startread function in wav.c, which allowed
remote attackers to cause a DoS (divide-by-zero) via a crafted wav file.
(CVE-2017-11332 bsc#1081140)
* CVE-2017-11358.patch: Fixed the read_samples function in hcom.c, which
allowed remote attackers to cause a DoS (invalid memory read) via a crafted
hcom file. (CVE-2017-11358 bsc#1081141)
* CVE-2017-11359.patch: Fixed the wavwritehdr function in wav.c, which
allowed remote attackers to cause a DoS (divide-by-zero) when converting a
a crafted snd file to a wav file. (CVE-2017-11359 bsc#1081142)
* CVE-2017-15370.patch: Fixed a heap-based buffer overflow in the ImaExpandS
function of ima_rw.c, which allowed remote attackers to cause a DoS during
conversion of a crafted audio file. (CVE-2017-15370 bsc#1063439)
* CVE-2017-15371.patch: Fixed an assertion abort in the function
sox_append_comment() in formats.c, which allowed remote attackers to cause
a DoS during conversion of a crafted audio file. (CVE-2017-15371
bsc#1063450)
* CVE-2017-15372.patch: Fixed a stack-based buffer overflow in the
lsx_ms_adpcm_block_expand_i function of adpcm.c, which allowed remote
attackers to cause a DoS during conversion of a crafted audio file.
(CVE-2017-15372 bsc#1063456)
* CVE-2017-15642.patch: Fixed an Use-After-Free vulnerability in
lsx_aiffstartread in aiff.c, which could be triggered by an attacker by
providing a malformed AIFF file. (CVE-2017-15642 bsc#1064576)
* CVE-2017-18189.patch: Fixed a NULL pointer dereference triggered by a
corrupt header specifying zero channels in the startread function in
xa.c, which allowed remote attackers to cause a DoS (CVE-2017-18189
bsc#1081146).
- Removed sox-doublefree.patch
OBS-URL: https://build.opensuse.org/request/show/576951
OBS-URL: https://build.opensuse.org/package/show/multimedia:apps/sox?expand=0&rev=38
29 lines
852 B
Diff
29 lines
852 B
Diff
Description: This fixes a use after free and double free if an empty comment
|
|
chunk follows a non-empty one.
|
|
Author: Mans Rullgard <mans@mansr.com>
|
|
Forwarded: not-needed
|
|
---
|
|
src/aiff.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
Index: sox/src/aiff.c
|
|
===================================================================
|
|
--- sox.orig/src/aiff.c
|
|
+++ sox/src/aiff.c
|
|
@@ -62,7 +62,6 @@ int lsx_aiffstartread(sox_format_t * ft)
|
|
size_t ssndsize = 0;
|
|
char *annotation;
|
|
char *author;
|
|
- char *comment = NULL;
|
|
char *copyright;
|
|
char *nametext;
|
|
|
|
@@ -270,6 +269,7 @@ int lsx_aiffstartread(sox_format_t * ft)
|
|
free(annotation);
|
|
}
|
|
else if (strncmp(buf, "COMT", (size_t)4) == 0) {
|
|
+ char *comment = NULL;
|
|
rc = commentChunk(&comment, "Comment:", ft);
|
|
if (rc) {
|
|
/* Fail already called in function */
|