Advisories ยป MGASA-2019-0078

Updated mad packages fix security vulnerability

Publication date: 14 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-11552 , CVE-2018-7263


The mad_decoder_run function in decoder.c in libmad 0.15.1b allows remote
attackers to cause a denial of service (memory corruption) via a crafted
MP3 file (CVE-2017-11552).

The mad_decoder_run() function in decoder.c in Underbit libmad through
0.15.1b allows attackers to cause a denial of service (SIGABRT because of
double free or corruption) or possibly have unspecified other impact via a
crafted file (CVE-2018-7263).