projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4a1a827) | patch
audiofile: add security patch for CVE-2017-6831
authorPeter Korsgaard <peter@korsgaard.com>
Thu, 30 Mar 2017 21:03:34 +0000 (23:03 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Fri, 31 Mar 2017 11:36:26 +0000 (13:36 +0200)
commitbd5f84d301c4e74ca200a9336eca88468ec0e1f3
treeedc86baa35f6f2c4c8f8123803cfe2f239f895datree
parent4a1a8277bba490d227f413e218138e39f1fe1203commit | diff
audiofile: add security patch for CVE-2017-6831

Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in
Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
denial of service (crash) via a crafted file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp
https://github.com/mpruett/audiofile/issues/35

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/audiofile/0006-Actually-fail-when-error-occurs-in-parseFormat.patch [new file with mode: 0644] blob