Package: sox | Debian Sources

Package: sox / 14.4.1-5+deb9u2

Metadata

Package	Version	Patches format
sox	14.4.1-5+deb9u2	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
0001 Check for minimum size sphere headers.patch \| (download)	src/sphere.c \| 5 5 + 0 - 0 ! 1 file changed, 5 insertions(+)	---
0002 More checks for invalid MS ADPCM blocks.patch \| (download)	src/wav.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	---
CVE 2017 15370.patch \| (download)	src/wav.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	wav: ima_adpcm: fix buffer overflow on corrupt input Add the same check bad block size as was done for MS adpcm in patch 0002-More-checks-for-invalid-MS-ADPCM-blocks.patch.
CVE 2017 15372.patch \| (download)	src/adpcm.c \| 8 7 + 1 - 0 ! src/adpcm.h \| 3 3 + 0 - 0 ! src/wav.c \| 5 4 + 1 - 0 ! 3 files changed, 14 insertions(+), 2 deletions(-)	fix stack buffer overflow in lsx_ms_adpcm_block_expand_i
CVE 2017 18189.patch \| (download)	src/xa.c \| 6 6 + 0 - 0 ! 1 file changed, 6 insertions(+)	xa: validate channel count A corrupt header specifying zero channels would send read_channels() into an infinite loop. Prevent this by sanity checking the channel count in open_read(). Also add an upper bound to prevent overflow in multiplication.
CVE 2017 15642.patch \| (download)	src/aiff.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	aiff: fix crash on empty comment chunk (cve-2017-15642) This fixes a use after free and double free if an empty comment chunk follows a non-empty one.
CVE 2017 11332.patch \| (download)	src/wav.c \| 5 5 + 0 - 0 ! 1 file changed, 5 insertions(+)	wav: fix crash if channel count is zero WAV files declaring zero channels lead to division-by-zero crashes. numchannels = 0 is not a meaningful value, forbid it.
CVE 2017 11358.patch \| (download)	src/hcom.c \| 5 5 + 0 - 0 ! 1 file changed, 5 insertions(+)	hcom: fix crash on input with corrupt dictionary
CVE 2017 11359.patch \| (download)	src/wav.c \| 6 6 + 0 - 0 ! 1 file changed, 6 insertions(+)	wav: fix crash writing header when channel count >64k High number of channels (>64k) lead to divide-by-zero error and crash. Number of channels should be representable with 16 bits, so forbid any higher value.
CVE 2017 15371.patch \| (download)	src/flac.c \| 8 5 + 3 - 0 ! 1 file changed, 5 insertions(+), 3 deletions(-)	flac: fix crash on corrupt metadata
0001 Clean up lsx_malloc and friends.patch \| (download)	src/xmalloc.c \| 30 25 + 5 - 0 ! src/xmalloc.h \| 7 4 + 3 - 0 ! 2 files changed, 29 insertions(+), 8 deletions(-)	[patch 1/5] clean up lsx_malloc() and friends
0002 fix possible buffer size overflow in lsx_make_lpf CV.patch \| (download)	src/effects_i_dsp.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	[patch 2/5] fix possible buffer size overflow in lsx_make_lpf() (CVE-2019-8354) The multiplication in the size argument malloc() might overflow, resulting in a small buffer being allocated. Use calloc() instead.
0003 fix possible overflow in lsx_ re valloc size calcula.patch \| (download)	src/xmalloc.c \| 10 10 + 0 - 0 ! src/xmalloc.h \| 5 3 + 2 - 0 ! 2 files changed, 13 insertions(+), 2 deletions(-)	[patch 3/5] fix possible overflow in lsx_(re)valloc() size calculation (CVE-2019-8355)
0004 fft4g bail if size too large CVE 2019 8356.patch \| (download)	src/fft4g.c \| 18 18 + 0 - 0 ! src/fft4g.h \| 2 2 + 0 - 0 ! 2 files changed, 20 insertions(+)	[patch 4/5] fft4g: bail if size too large (cve-2019-8356) Prevent overflowing of fixed-size buffers in bitrv2() and bitrv2conj() if the transform size is too large.
0005 fix possible null pointer deref in lsx_make_lpf CVE .patch \| (download)	src/effects_i_dsp.c \| 4 4 + 0 - 0 ! 1 file changed, 4 insertions(+)	[patch 5/5] fix possible null pointer deref in lsx_make_lpf() (CVE-2019-8357) If the buffer allocation fails, return NULL.

1