| Summary: | <media-sound/vorbis-tools-1.4.0-r3: buffer overflow in aiff_open() | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | sound |
| Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2015/08/29/1 | ||
| Whiteboard: | B3 [noglsa cve] | ||
| Package list: |
=media-sound/vorbis-tools-1.4.0-r3
|
Runtime testing required: | No |
ebuild submitted. needs to be tested Stable on all arches, cleanup needed and glsa vote ia64 stable amd64 stable arm stable x86 stable Arches - PPC / PPC64 / Alpha / hppa needs to be completed. alpha stable sparc was dropped to exp. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5901d8f716555a1479f12313a2925fcadd177a9 hppa stable ppc/ppc64 stable New GLSA Request filed. Maintainer(s), please drop the vulnerable version(s). Downgraded to B3. No PoC for ACE/RCE. GLSA Vote: No Maintainers, please clean the vulnerable. sparc stable (thanks to Rolf Eike Beer) |
From ${URL} : Name : vorbis-tool Affected Version: <= Revision 19495 URL : https://wiki.xiph.org/Vorbis-tools Description : An issue was found in oggenc/audio.c when it tries to open invalid AIFF file. 274 if(fread(buffer,1,len,in) < len) The input buffer and length can be controlled by user indirectly via: 260 if(!find_aiff_chunk(in, "COMM", &len)) More info can be found at : https://trac.xiph.org/ticket/2212 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.