Advisories » MGASA-2019-0078

Updated mad packages fix security vulnerability

Publication date: 14 Feb 2019
Modification date: 14 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-11552 , CVE-2018-7263

Description

The mad_decoder_run function in decoder.c in libmad 0.15.1b allows remote
attackers to cause a denial of service (memory corruption) via a crafted
MP3 file (CVE-2017-11552).

The mad_decoder_run() function in decoder.c in Underbit libmad through
0.15.1b allows attackers to cause a denial of service (SIGABRT because of
double free or corruption) or possibly have unspecified other impact via a
crafted file (CVE-2018-7263).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23698
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CCLUAGAEWOQKRY2C6HLTXT5WWTWSTNIP/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11552
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7263

SRPMS

6/core

• mad-0.15.1b-22.2.mga6