Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 566682 (CVE-2015-7805) - <media-libs/libsndfile-1.0.26: AIFF heap write overflow (CVE-2015-7805)
Summary: <media-libs/libsndfile-1.0.26: AIFF heap write overflow (CVE-2015-7805)
Alias: CVE-2015-7805
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa cve]
Depends on: 566680
  Show dependency tree
Reported: 2015-11-23 23:42 UTC by Sebastian Pipping
Modified: 2016-12-03 10:28 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Pipping gentoo-dev 2015-11-23 23:42:05 UTC
I ran into a related exploit on the internet and noticed we don't have a bug or an update yet.  Please see #566680 for a fix.
Comment 1 Agostino Sarubbo gentoo-dev 2015-11-24 08:15:31 UTC
Arches, please test and mark stable:                                                                                                                                                                                                                                           
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2015-11-24 14:24:23 UTC
Stable for PPC64.
Comment 3 Agostino Sarubbo gentoo-dev 2015-11-25 08:55:26 UTC
amd64 stable
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2015-11-30 06:03:55 UTC
Stable for HPPA.
Comment 5 Markus Meier gentoo-dev 2015-12-05 12:46:45 UTC
arm stable
Comment 6 Agostino Sarubbo gentoo-dev 2015-12-07 11:41:13 UTC
ppc stable
Comment 7 Myckel Habets 2015-12-08 22:00:52 UTC
Builds fine on x86, redeps build fine as well. Please mark stable for x86.
Comment 8 Agostino Sarubbo gentoo-dev 2015-12-09 11:15:01 UTC
x86 stable
Comment 9 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-12-27 09:56:42 UTC
sparc stable
Comment 10 Agostino Sarubbo gentoo-dev 2016-01-10 10:42:07 UTC
alpha stable
Comment 11 Agostino Sarubbo gentoo-dev 2016-01-11 09:08:10 UTC
ia64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 12 Justin Lecher (RETIRED) gentoo-dev 2016-01-26 08:51:58 UTC
commit 6f4d6d4e5f9402581ccb90dcba045a509b03a99a
Author: Justin Lecher <>
Date:   Tue Jan 26 09:51:14 2016 +0100

    media-libs/libsndfile: Drop version vulnerable for CVE-2015-7805

    Package-Manager: portage-2.2.27
    Signed-off-by: Justin Lecher <>
Comment 13 Justin Lecher (RETIRED) gentoo-dev 2016-01-26 08:52:13 UTC
@sec, clean again.
Comment 14 Yury German Gentoo Infrastructure gentoo-dev 2016-02-25 07:52:51 UTC
Arches and Maintainer(s), Thank you for your work.

New GLSA Request filed.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2016-12-03 10:28:48 UTC
This issue was resolved and addressed in
 GLSA 201612-03 at
by GLSA coordinator Aaron Bauman (b-man).