Note:
This project will be discontinued after December 13, 2021. [more]
2017-06-12
In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.
Products | Libsndfile |
Type | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) |
First patch |
https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748 |
Relevant file/s | ./src/aiff.c (modified, +1, -1) |
Links |
• https://security.gentoo.org/glsa/201811-23
• https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/ • https://secuniaresearch.flexerasoftware.com/advisories/76717/ • https://usn.ubuntu.com/4013-1/ • https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html |
Navigation
Patch data:
Patched area:
(on by default)
Patched area: