package/libsndfile: fix CVE-2019-3832
author Fabrice Fontaine <fontaine.fabrice@gmail.com>
Wed, 4 Mar 2020 22:21:03 +0000 (23:21 +0100)
committer Peter Korsgaard <peter@korsgaard.com>
Thu, 5 Mar 2020 15:42:47 +0000 (16:42 +0100)
commit 3426b37ebb2e8eee94375f58ea63992f0651cbb2
tree f8a012e0d4243b45cfd734c178f8316f7682ac5c
parent 27acdca7ee5493cc5cbd7fcf272606da43cfa896
package/libsndfile: fix CVE-2019-3832

It was discovered the fix for CVE-2018-19758 (libsndfile) was not
complete and still allows a read beyond the limits of a buffer in
wav_write_header() function in wav.c. A local attacker may use this flaw
to make the application crash.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/libsndfile/0005-wav_write_header-don-t-read-past-the-array-end.patch [new file with mode: 0644]
package/libsndfile/libsndfile.mk