Package: libsndfile / 1.0.28-6+deb10u1
Metadata
Package | Version | Patches format |
---|---|---|
libsndfile | 1.0.28-6+deb10u1 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
CVE 2017 8365.patch | (download) |
src/common.h |
1 1 + 0 - 0 ! |
fixing buffer read/write overruns in flac-code |
CVE 2017 8363.patch | (download) |
src/flac.c |
13 4 + 9 - 0 ! |
fixing another memory leak in flac code |
CVE 2017 8362.patch | (download) |
src/flac.c |
11 9 + 2 - 0 ! |
fixed yet another buffer read overflow in flac code |
CVE 2017 6892.patch | (download) |
src/aiff.c |
2 1 + 1 - 0 ! |
fix for cve-2017-6892 |
CVE 2019 3832.patch | (download) |
src/wav.c |
4 4 + 0 - 0 ! |
fix for cve-2019-3832 |
binheader heapoverflow.patch | (download) |
src/common.c |
8 4 + 4 - 0 ! |
fix heap buffer overflows when writing strings in binheader |
fix_rf64_arm.patch | (download) |
src/rf64.c |
11 9 + 2 - 0 ! |
fix rf64 on armel/armhf archs |
fix_typos.patch | (download) |
doc/bugs.html |
2 1 + 1 - 0 ! |
fixed spelling errors |
a ulaw fix multiple buffer overflows 432.patch | (download) |
src/alaw.c |
9 7 + 2 - 0 ! |
a/ulaw: fix multiple buffer overflows (#432) i2ulaw_array() and i2alaw_array() fail to handle ptr [count] = INT_MIN properly, leading to buffer underflow. INT_MIN is a special value since - INT_MIN cannot be represented as int. In this case round - INT_MIN to INT_MAX and proceed as usual. f2ulaw_array() and f2alaw_array() fail to handle ptr [count] = NaN properly, leading to null pointer dereference. In this case, arbitrarily set the buffer value to 0. This commit fixes #429 (CVE-2018-19661 and CVE-2018-19662) and fixes #344 (CVE-2017-17456 and CVE-2017-17457). |
double64_init Check psf sf.channels against upper bo.patch | (download) |
src/double64.c |
2 1 + 1 - 0 ! |
double64_init: check psf->sf.channels against upper bound This prevents division by zero later in the code. While the trivial case to catch this (i.e. sf.channels < 1) has already been covered, a crafted file may report a number of channels that is so high (i.e. > INT_MAX/sizeof(double)) that it "somehow" gets miscalculated to zero (if this makes sense) in the determination of the blockwidth. Since we only support a limited number of channels anyway, make sure to check here as well. CVE-2017-14634 Closes: https://github.com/erikd/libsndfile/issues/318 Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com> |
src wav.c Fix heap read overflow.patch | (download) |
src/wav.c |
4 3 + 1 - 0 ! |
src/wav.c: fix heap read overflow This is CVE-2018-19758. Closes: https://github.com/erikd/libsndfile/issues/435 |
Check MAX_CHANNELS in sndfile deinterleave.patch | (download) |
programs/sndfile-deinterleave.c |
7 7 + 0 - 0 ! |
check max_channels in sndfile-deinterleave Allocated buffer has space for only 16 channels. Verify that input file meets this limit. Fixes #397 |
CVE 2021 3246.patch | (download) |
src/ms_adpcm.c |
10 8 + 2 - 0 ! |
[patch] ms_adpcm: fix and extend size checks 'blockalign' is the size of a block, and each block contains 7 samples per channel as part of the preamble, so check against 'samplesperblock' rather than 'blockalign'. Also add an additional check that the block is big enough to hold the samples it claims to hold. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803 |