Advisories » MGASA-2015-0408

Updated audiofile packages fix security vulnerability

Publication date: 25 Oct 2015
Modification date: 25 Oct 2015
Type: security
Affected Mageia releases: 5
CVE: CVE-2015-7747

Description

When libaudiofile is used to change both the number of channels of an
audio file (e.g. from stereo to mono) and the sample format (e.g. from
16-bit samples to 8-bit samples), the output file will contain corrupted
data. If the new sample format is smaller than the old one, there is a
risk of buffer overflow: e.g. when the input file has 16-bit samples and
the output file has 8-bit samples, afReadFrames will treat the buffer to
read the samples (argument void *data) as a pointer to int16_t instead of
int8_t, therefore it will write past its end (CVE-2015-7747).
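
The size mismatch described above, modelled in self-contained C as an added example (not libaudiofile code and not part of the advisory). The function names and the sample data are hypothetical; the bounds check shows the condition that must hold when samples are stored wider than the format the caller requested.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bytes needed for `frames` frames of `channels` samples, each `bits` wide. */
static size_t buf_bytes(size_t frames, int channels, int bits) {
    return frames * (size_t)channels * (size_t)(bits / 8);
}

/* Bytes stored past a buffer sized for requested_bits when samples are
 * actually stored written_bits wide (0 if everything fits). */
static size_t overrun_bytes(size_t frames, int channels,
                            int requested_bits, int written_bits) {
    size_t have = buf_bytes(frames, channels, requested_bits);
    size_t need = buf_bytes(frames, channels, written_bits);
    return need > have ? need - have : 0;
}

/* Hypothetical bounds-checked reader: downmixes stereo int16 input to mono,
 * storing each sample written_bits wide. Returns frames stored, or -1. */
static long read_mono_checked(void *dst, size_t dst_cap, const int16_t *src,
                              size_t frames, int written_bits) {
    if ((written_bits != 8 && written_bits != 16) ||
        buf_bytes(frames, 1, written_bits) > dst_cap)
        return -1;   /* unsupported width, or would store past end of dst */
    for (size_t i = 0; i < frames; i++) {
        int mono = (src[2 * i] + src[2 * i + 1]) / 2;
        if (written_bits == 16)
            ((int16_t *)dst)[i] = (int16_t)mono;
        else
            ((int8_t *)dst)[i] = (int8_t)(mono / 256);  /* keep the high byte */
    }
    return (long)frames;
}

/* Constructed sample input: 4 stereo frames of 16-bit samples. */
static const int16_t SAMPLE_STEREO[8] = {256, 256, 512, 1024, -512, -512, 0, 0};

/* Caller sizes its buffer for the requested format (8-bit mono). */
static long demo(int written_bits) {
    int8_t out[4];                     /* 4 frames * 1 channel * 1 byte */
    return read_mono_checked(out, sizeof out, SAMPLE_STEREO, 4, written_bits);
}

int main(void) {
    printf("8-bit: %ld, 16-bit: %ld, overrun: %zu bytes\n",
           demo(8), demo(16), overrun_bytes(4, 1, 8, 16));
    return 0;
}
```

With the buffer sized for 8-bit samples, storing 16-bit samples needs twice the space, so the checked reader refuses the request instead of writing past the end.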
                

References

SRPMS

5/core