Package "audiofile"
Name: |
audiofile
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- sfinfo and sfconvert tools
|
Latest version: |
0.3.3-2ubuntu0.3 |
Release: |
precise (12.04) |
Level: |
updates |
Repository: |
universe |
Links
Other versions of "audiofile" in Precise
Packages in group
Deleted packages are displayed in grey.
Changelog
audiofile (0.3.3-2ubuntu0.3) precise-security; urgency=medium
* SECURITY UPDATE: multiple vulnerabilities (LP: #1674005)
- Apply patches backported from Debian 0.3.6-4:
+ 04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
+ 05_Always-check-the-number-of-coefficients.patch
+ 06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch
+ 07_Check-for-multiplication-overflow-in-sfconvert.patch
+ 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch
+ 09_Actually-fail-when-error-occurs-in-parseFormat.patch
+ 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch
- CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830,
CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834,
CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838,
CVE-2017-6839
* debian/patches/sfconvert_error_handling.patch: improve sfconvert error
handling so we can test the reproducers.
-- Marc Deslauriers <email address hidden> Wed, 22 Mar 2017 10:39:00 -0400
|
Source diff to previous version |
1674005 |
audiofile: Multiple security issues from March 2017 |
CVE-2017-6827 |
Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3. |
CVE-2017-6828 |
Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote att |
CVE-2017-6829 |
The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a c |
CVE-2017-6830 |
Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a |
CVE-2017-6831 |
Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a |
CVE-2017-6832 |
Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of |
CVE-2017-6833 |
The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of |
CVE-2017-6834 |
Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a |
CVE-2017-6835 |
The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of s |
CVE-2017-6836 |
Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6 a |
CVE-2017-6837 |
WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large numb |
CVE-2017-6838 |
Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) v |
CVE-2017-6839 |
Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via |
|
audiofile (0.3.3-2ubuntu0.1) precise-security; urgency=medium
* SECURITY UPDATE: buffer overflow when changing both sample format and
number of channels (LP: #1502721)
- debian/patches/CVE-2015-7747.patch: don't corrupt files in
libaudiofile/modules/ModuleState.cpp, added test to test/Makefile.am,
test/sixteen-stereo-to-eight-mono.c.
- CVE-2015-7747
-- Marc Deslauriers Tue, 20 Oct 2015 08:57:52 -0400
|
1502721 |
When changing both sample format and number of channels, data gets corrupted; if new sample format smaller than old, possible buffer overflow |
CVE-2015-7747 |
When changing both sample format and number of channels, data gets corrupted; if new sample format smaller than old, possible buffer overflow |
|
About
-
Send Feedback to @ubuntu_updates