projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 85ed0d1) | patch
package/taglib: fix CVE-2018-11439
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Sun, 1 Mar 2020 20:37:59 +0000 (21:37 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Mon, 2 Mar 2020 22:33:57 +0000 (23:33 +0100)
commit70b2411cee1ea4ae01b75b62abd7dfbe03b547f1
tree5510814de64905bcdeb286642b7123678af63e26tree
parent85ed0d1c0986bd310190127e706fbdb7fd1ac726commit | diff
package/taglib: fix CVE-2018-11439

The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib
1.11.1 allows remote attackers to cause information disclosure
(heap-based buffer over-read) via a crafted audio file.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/taglib/0003-Fixed-OOB-read-when-loading-invalid-ogg-flac-file.patch [new file with mode: 0644] blob
package/taglib/taglib.mk diff | blob | history