CVE-2021-3246: A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.
that one has been removed in April:

commit 9eefbb31d261ef84d2360e47acdaa890507c732b
Author: Miroslav Šulc <fordfrog@gentoo.org>
Date:   Tue Apr 6 12:42:30 2021 +0200

    media-libs/libsndfile: removed obsolete 1.0.30

    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>
(In reply to Miroslav Šulc from comment #1)
> that one has been removed in April:
>
> commit 9eefbb31d261ef84d2360e47acdaa890507c732b
> Author: Miroslav Šulc <fordfrog@gentoo.org>
> Date:   Tue Apr 6 12:42:30 2021 +0200
>
>     media-libs/libsndfile: removed obsolete 1.0.30
>
>     Package-Manager: Portage-3.0.18, Repoman-3.0.3
>     Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

Thank you. Unfortunately MITRE doesn't care about writing CVE descriptions that are useful for much longer past the time they're written. In other words, 1.0.30 is in the description, but MITRE doesn't care about misleading us into thinking versions greater than 1.0.30 are fixed.
I suppose this is the fix:

commit deb669ee8be55a94565f6f8a6b60890c2e7c6f32
Author: bobsayshilol <bobsayshilol@live.co.uk>
Date:   Thu Feb 18 21:52:09 2021 +0000

    ms_adpcm: Fix and extend size checks

    'blockalign' is the size of a block, and each block contains 7 samples per
    channel as part of the preamble, so check against 'samplesperblock' rather
    than 'blockalign'. Also add an additional check that the block is big
    enough to hold the samples it claims to hold.

    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803

The oss-fuzz issue shows the same size overwrite in the same function as the GitHub issue. Patch is only in the 1.1.0beta1 tag.
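A defensive version of the header check that commit message describes, written here as an added example rather than libsndfile's own code: it assumes the standard MS ADPCM block layout (a 7-byte per-channel preamble of predictor index, delta and two seed samples, followed by 4-bit codes) and rejects a WAV fmt chunk whose samplesperblock cannot fit in a block of blockalign bytes, so a decode buffer sized from the header cannot be overrun.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed MS ADPCM layout: each channel's preamble in a block is
 * 1 byte predictor index + int16 delta + int16 sample1 + int16 sample2. */
#define MS_ADPCM_PREAMBLE_BYTES 7u

/* Samples per channel a block of 'blockalign' bytes can actually hold: the two
 * preamble samples plus two 4-bit codes per remaining byte, shared across the
 * channels. Returns 0 when the block cannot even hold its preambles. */
static uint32_t ms_adpcm_block_capacity(uint32_t channels, uint32_t blockalign)
{
    if (channels == 0)
        return 0;
    uint64_t preamble = (uint64_t) MS_ADPCM_PREAMBLE_BYTES * channels;
    if (blockalign < preamble)
        return 0;
    uint64_t nibbles = ((uint64_t) blockalign - preamble) * 2; /* 4-bit codes */
    return (uint32_t) (2 + nibbles / channels);
}

/* Accept the fmt chunk's MS ADPCM parameters only when the declared
 * samplesperblock fits in blockalign bytes. Anything that fails here is a
 * malformed or hostile header and must be rejected before any block is
 * decoded into a buffer sized from these values. */
bool ms_adpcm_params_ok(uint32_t channels, uint32_t blockalign,
                        uint32_t samplesperblock)
{
    if (channels == 0 || channels > 2)   /* assumed: MS ADPCM is mono or stereo */
        return false;
    if (samplesperblock < 2)             /* the preamble alone supplies two */
        return false;
    uint32_t capacity = ms_adpcm_block_capacity(channels, blockalign);
    if (capacity == 0)                   /* block smaller than its preambles */
        return false;
    return samplesperblock <= capacity;
}
```

For the common 256-byte block this accepts the well-known values of 500 samples (mono) and 244 samples (stereo) and rejects anything larger.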
Package list is empty or all packages have requested keywords.
CVE-2021-4156 (https://bugzilla.redhat.com/show_bug.cgi?id=2027690): An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws.
(In reply to John Helmert III from comment #12)
> CVE-2021-4156 (https://bugzilla.redhat.com/show_bug.cgi?id=2027690):
>
> An out-of-bounds read flaw was found in libsndfile's FLAC codec
> functionality. An attacker who is able to submit a specially crafted file
> (via tricking a user to open or otherwise) to an application linked with
> libsndfile and using the FLAC codec, could trigger an out-of-bounds read
> that would most likely cause a crash but could potentially leak memory
> information that could be used in further exploitation of other flaws.

https://github.com/libsndfile/libsndfile/issues/731
https://github.com/libsndfile/libsndfile/pull/732/commits/4c30646abf7834e406f7e2429c70bc254e18beab

Fixed in upcoming 1.1.0.
Please clean up
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=34b05bb68cc2a795b056982c28f7baaced537b99

commit 34b05bb68cc2a795b056982c28f7baaced537b99
Author:     Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2022-05-04 18:52:25 +0000
Commit:     Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2022-05-04 18:52:25 +0000

    media-libs/libsndfile: dropped 1.0.31

    Bug: https://bugs.gentoo.org/836394
    Bug: https://bugs.gentoo.org/803065
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 media-libs/libsndfile/Manifest                 |  1 -
 media-libs/libsndfile/libsndfile-1.0.31.ebuild | 74 --------------------------
 2 files changed, 75 deletions(-)
the tree is clean now, you can proceed.
Thanks!