]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 2e4934d) | patch
libvorbis: CVE-2017-14633
authorTanu Kaskinen <tanuk@iki.fi>
Tue, 20 Mar 2018 08:50:22 +0000 (10:50 +0200)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sun, 25 Mar 2018 08:33:34 +0000 (09:33 +0100)
commitdb6c0df30acdb9973f9bd4297a5fce4725c0720d
tree7d1976f452c45a8040e1f43f290dc45ff057b8a4tree | snapshot
parent2e4934d5d4b2745ffcd76020b307b9021f8d8853commit | diff
libvorbis: CVE-2017-14633

In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability
exists in the function mapping0_forward() in mapping0.c, which may lead
to DoS when operating on a crafted audio file with vorbis_analysis().

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633

Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch [new file with mode: 0644] blob
meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb diff | blob | history
Mirror of the official openembedded-core repository