Advisories ยป MGASA-2015-0408

Updated audiofile packages fixes security vulnerability

Publication date: 25 Oct 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-7747


When libaudiofile is used to change both the number of channels of an
audio file (e.g. from stereo to mono) and the sample format (e.g. from
16-bit samples to 8-bit samples), the output file will contain corrupted
data.	If the new sample format is smaller than the old one, there is a
risk of buffer overflow: e.g. when the input file has 16-bit samples and
the output file has 8-bit samples, afReadFrames will treat the buffer to
read the samples (argument void *data) as a pointer to int16_t instead of
int8_t, therefore it will write past its end (CVE-2015-7747).