Commit 6c1cc650 authored by Jan Pavlinec

libvorbis: patch version 1.3.5 (security fix)

CVE-2017-14632 - Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.

CVE-2017-14633 In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().

Issue #165
parent 5579b319
......@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=libvorbis
PKG_VERSION:=1.3.5
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://downloads.xiph.org/releases/vorbis/
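Review bot: The bump from PKG_RELEASE:=1 to PKG_RELEASE:=2 with PKG_VERSION left at 1.3.5 is the right way to ship a patch-only rebuild, but nothing in this hunk or the commit message names the patch file that carries the CVE-2017-14632 and CVE-2017-14633 fixes; reference it so the release bump can be tied to the two advisories. Also note that PKG_SOURCE_URL still fetches over plain http, so the integrity of the 1.3.5 tarball rests entirely on the package hash check, which is not visible in this hunk.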
--- a/lib/info.c
+++ b/lib/info.c
@@ -583,7 +583,8 @@ int vorbis_analysis_headerout(vorbis_dsp
oggpack_buffer opb;
private_state *b=v->backend_state;
- if(!b||vi->channels<=0){
+ if(!b||vi->channels<=0||vi->channels>255){
+ b = NULL;
ret=OV_EFAULT;
goto err_out;
}
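Review bot: The added `b = NULL;` is only safe if the cleanup under `err_out:` is guarded on `b` being non-NULL; that label lies outside the hunk, so please confirm that the err_out path in the patched tree skips freeing `b->header*` and clearing `opb` when `b` is NULL, since `opb` has not been initialised at this point and that uninitialised free is exactly what CVE-2017-14632 describes. The new upper bound `vi->channels>255` matches the one-byte channel count field of the Vorbis identification header; a short comment explaining the 255 would spare the next reader from looking it up.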