Updated mad packages fix security vulnerability
Publication date: 14 Feb 2019Modification date: 14 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-11552 , CVE-2018-7263
Description
The mad_decoder_run function in decoder.c in libmad 0.15.1b allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file (CVE-2017-11552). The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file (CVE-2018-7263).
References
SRPMS
6/core
- mad-0.15.1b-22.2.mga6