projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 62355eb) | patch
package/taglib: fix CVE-2017-12678
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Sun, 1 Mar 2020 20:37:58 +0000 (21:37 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Mon, 2 Mar 2020 22:33:45 +0000 (23:33 +0100)
commit85ed0d1c0986bd310190127e706fbdb7fd1ac726
tree138ac21b280af6f9b23e4499b63ee01c4cf6a7datree
parent62355ebd4f94b70c4ecc677133a6d79a7466c124commit | diff
package/taglib: fix CVE-2017-12678

In TagLib 1.11.1, the rebuildAggregateFrames function in
id3v2framefactory.cpp has a pointer to cast vulnerability, which allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a crafted audio file.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/taglib/0002-Don-t-assume-TDRC-is-an-instance-of-TextIdentificationFrame.patch [new file with mode: 0644] blob
package/taglib/taglib.mk diff | blob | history