In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.

Upstream patch:

Fixed in:
commit f833c53cb596e9e1792949f762e0b33661822748
Author: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Tue May 23 20:15:24 2017 +1000

https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748

References:
https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/
Ignore fixed in commit information, accident.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b8fc21b710b18e21dfba9506f666ec18744a3e64

commit b8fc21b710b18e21dfba9506f666ec18744a3e64
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-10-03 19:16:17 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-10-03 19:22:05 +0000

    media-libs/libsndfile: Fix multiple vulnerabilities

    Bug: https://bugs.gentoo.org/618016
    Bug: https://bugs.gentoo.org/631634
    Bug: https://bugs.gentoo.org/624814
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
    Package-Manager: Portage-2.3.50, Repoman-2.3.11

 .../files/libsndfile-1.0.28-CVE-2017-14634.patch | 35 +++++++++++
 .../files/libsndfile-1.0.28-CVE-2017-6892.patch | 25 ++++++++
 .../files/libsndfile-1.0.28-CVE-2017-8362.patch | 50 ++++++++++++++++
 .../files/libsndfile-1.0.28-CVE-2017-8363.patch | 28 +++++++++
 .../files/libsndfile-1.0.28-CVE-2017-8365.patch | 64 ++++++++++++++++++++
 .../files/libsndfile-1.0.28-CVE-2018-13139.patch | 2 +-
 media-libs/libsndfile/libsndfile-1.0.28-r4.ebuild | 70 ++++++++++++++++++++++
 7 files changed, 273 insertions(+), 1 deletion(-)
(In reply to Volkan from comment #1)
> Ignore fixed in commit information, accident.

Please use punctuation next time, I had no clue what to make of this.
This issue was resolved and addressed in GLSA 201811-23 at https://security.gentoo.org/glsa/201811-23 by GLSA coordinator Aaron Bauman (b-man).