Bug 624814 (CVE-2017-6892)

Summary: <media-libs/libsndfile-1.0.28-r4: Information disclosure via aiff_read_chanmap() function (CVE-2017-6892)
Product: Gentoo Security
Reporter: Volkan <vBugZilla>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: sound
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=1463326
Whiteboard: B4 [glsa+ cve]
Package list:
Runtime testing required: ---
Bug Depends on: 660452    
Bug Blocks:    

Description Volkan 2017-07-12 22:50:52 UTC
In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.

Upstream patch: Fixed in:
commit f833c53cb596e9e1792949f762e0b33661822748
Author: Erik de Castro Lopo <erikd@mega-nerd.com>
Date:   Tue May 23 20:15:24 2017 +1000


https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748

References:

https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/
Comment 1 Volkan 2017-07-12 22:52:42 UTC
Ignore fixed in commit information, accident.
Comment 2 Larry the Git Cow gentoo-dev 2018-10-03 19:22:20 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b8fc21b710b18e21dfba9506f666ec18744a3e64

commit b8fc21b710b18e21dfba9506f666ec18744a3e64
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-10-03 19:16:17 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-10-03 19:22:05 +0000

    media-libs/libsndfile: Fix multiple vulnerabilities
    
    Bug: https://bugs.gentoo.org/618016
    Bug: https://bugs.gentoo.org/631634
    Bug: https://bugs.gentoo.org/624814
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
    Package-Manager: Portage-2.3.50, Repoman-2.3.11

 .../files/libsndfile-1.0.28-CVE-2017-14634.patch   | 35 +++++++++++
 .../files/libsndfile-1.0.28-CVE-2017-6892.patch    | 25 ++++++++
 .../files/libsndfile-1.0.28-CVE-2017-8362.patch    | 50 ++++++++++++++++
 .../files/libsndfile-1.0.28-CVE-2017-8363.patch    | 28 +++++++++
 .../files/libsndfile-1.0.28-CVE-2017-8365.patch    | 64 ++++++++++++++++++++
 .../files/libsndfile-1.0.28-CVE-2018-13139.patch   |  2 +-
 media-libs/libsndfile/libsndfile-1.0.28-r4.ebuild  | 70 ++++++++++++++++++++++
 7 files changed, 273 insertions(+), 1 deletion(-)
Comment 3 Andreas Sturmlechner gentoo-dev 2018-10-03 19:25:56 UTC
(In reply to Volkan from comment #1)
> Ignore fixed in commit information, accident.

Please use punctuation next time, I had no clue what to make of this.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2018-11-30 08:53:57 UTC
This issue was resolved and addressed in
 GLSA 201811-23 at https://security.gentoo.org/glsa/201811-23
by GLSA coordinator Aaron Bauman (b-man).