Field | Value
---|---
Summary | <media-libs/audiofile-0.3.6-r4: multiple vulnerabilities (CVE-2017-{6827,6828,6829,6830,6831,6832,6833,6834,6835,6836,6839})
Product | Gentoo Security
Component | Vulnerabilities
Status | RESOLVED FIXED
Severity | minor
Priority | Normal
Version | unspecified
Hardware | All
OS | Linux
Reporter | Agostino Sarubbo <ago>
Assignee | Gentoo Security <security>
CC | ajak, gnome, nobrowser, sound
Keywords | CC-ARCHES
Flags | nattka: sanity-check+
See Also | https://github.com/gentoo/gentoo/pull/16141 https://bugs.gentoo.org/show_bug.cgi?id=711394
Whiteboard | B3 [noglsa cve]
Package list | media-libs/audiofile-0.3.6-r4
Runtime testing required | ---
Bug Depends on |
Bug Blocks | 687766
Attachments |

Description
Agostino Sarubbo
CVE-2017-6834 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6834): Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.

CVE-2017-6839 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6839): Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.

CVE-2017-6836 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6836): Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.

CVE-2017-6835 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6835): The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.

CVE-2017-6833 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6833): The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.

CVE-2017-6832 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6832): Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.

CVE-2017-6831 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6831): Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.

CVE-2017-6830 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6830): Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.

CVE-2017-6829 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6829): The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.

CVE-2017-6828 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6828): Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file.

CVE-2017-6827 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6827): Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file.

@maintainer(s): ping

Created attachment 644044
audiofile-0.3.6-cve-2015.patch

This is a series of commits I found referenced on Debian CVE tracker bugs, found here[1]. I was able to verify this patchset fixed each of the CVEs in this bug, except for CVE-2017-{6829,6832,6838,6839} none of which I was able to reproduce. However, the Debian tracker references one of the commits I included for each of these CVEs.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f2bb2dc35eccffb4adbcc7f4057b6e2ea458d1b8

commit f2bb2dc35eccffb4adbcc7f4057b6e2ea458d1b8
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-07-19 18:28:17 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-07-19 18:28:17 +0000

    media-libs/audiofile: Add security patches

    Dropping the system-gtest patch is necessary to make the tests run, as
    mentioned here: https://bugs.gentoo.org/680482#c8

    The three closed bugs are reported test failures fixed by dropping the
    aforementioned patch and a slight repair of src_test.

    Because we're not using system gtest anymore, we can drop the test
    dependency on dev-cpp/gtest, and by extension the IUSE=test boilerplate.

    Bug: https://bugs.gentoo.org/614046
    Bug: https://bugs.gentoo.org/687766
    Closes: https://bugs.gentoo.org/680482
    Closes: https://bugs.gentoo.org/715192
    Closes: https://bugs.gentoo.org/720836
    Package-Manager: Portage-2.3.100, Repoman-2.3.22
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/16141
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/audiofile/audiofile-0.3.6-r4.ebuild     |  55 +++
 .../files/audiofile-0.3.6-CVE-2017-68xx.patch      | 379 +++++++++++++++++++++
 ...ofile-0.3.6-CVE-2018-13440-CVE-2018-17095.patch |  82 +++++
 3 files changed, 516 insertions(+)

arm stable

arm64 stable

ppc stable

ppc64 stable

x86 stable

amd64 stable

sparc stabled by slyfox (https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90d2a67ef40811d7f8adf3e0d6a6dbc235541ff1) on 22nd

GLSA Vote: no

dropped to ~hppa

Please cleanup.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=99c6a8c3924a9938c21a05f0498046c3e73c50c8

commit 99c6a8c3924a9938c21a05f0498046c3e73c50c8
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-07-29 00:19:22 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-07-29 00:19:37 +0000

    media-libs/audiofile: security cleanup

    Bug: https://bugs.gentoo.org/687766
    Bug: https://bugs.gentoo.org/614046
    Package-Manager: Portage-3.0.1, Repoman-2.3.23
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/audiofile/audiofile-0.3.6-r3.ebuild | 50 --------------------------
 1 file changed, 50 deletions(-)