Advisories ยป MGASA-2018-0019

Updated mad packages fix security vulnerability

Publication date: 02 Jan 2018
Modification date: 02 Jan 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-8373 , CVE-2017-8374

Description

The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b
allows remote attackers to cause a denial of service (heap-based buffer
overflow and application crash) or possibly have unspecified other impact
via a crafted audio file (CVE-2017-8373).

The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows
remote attackers to cause a denial of service (heap-based buffer over-read
and application crash) via a crafted audio file (CVE-2017-8374).
                

References

SRPMS

5/core

6/core