UbuntuUpdates.org

Package "libaudiofile-dev"

Name: libaudiofile-dev

Description:

Open-source version of SGI's audiofile library (header files)

Latest version: 0.3.6-2ubuntu0.14.04.3
Release: trusty (14.04)
Level: updates
Repository: main
Head package: audiofile
Homepage: http://audiofile.68k.org/

Other versions of "libaudiofile-dev" in Trusty

Repository  Area  Version
base        main  0.3.6-2
security    main  0.3.6-2ubuntu0.14.04.3

Changelog

Version: 0.3.6-2ubuntu0.14.04.3 2018-10-24 16:07:06 UTC

  audiofile (0.3.6-2ubuntu0.14.04.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-13440.patch: fix in
      libaudiofile/modules/ModuleState.cpp.
    - CVE-2018-13440
  * SECURITY UPDATE: Heap-based buffer overflow
    - debian/patches/CVE-2018-17095.patch: fix in
      libaudiofile/modules/SimpleModule.cpp.
    - CVE-2018-17095

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 23 Oct 2018 15:12:20 -0300

CVE-2018-13440 The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker
CVE-2018-17095 An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6. A heap-based buffer overflow in Expand3To4Module::run has occurred

Version: 0.3.6-2ubuntu0.14.04.2 2017-03-22 18:06:55 UTC

  audiofile (0.3.6-2ubuntu0.14.04.2) trusty-security; urgency=high

  * SECURITY UPDATE: multiple vulnerabilities (LP: #1674005)
    - Apply patches from Debian 0.3.6-4:
      + 04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
      + 05_Always-check-the-number-of-coefficients.patch
      + 06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch
      + 07_Check-for-multiplication-overflow-in-sfconvert.patch
      + 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch
      + 09_Actually-fail-when-error-occurs-in-parseFormat.patch
      + 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch
    - CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830,
      CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834,
      CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838,
      CVE-2017-6839

 -- Jeremy Bicha <email address hidden> Thu, 16 Mar 2017 21:43:45 +0100

1674005 audiofile: Multiple security issues from March 2017
CVE-2017-6827 Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.
CVE-2017-6828 Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote att
CVE-2017-6829 The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a c
CVE-2017-6830 Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
CVE-2017-6831 Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
CVE-2017-6832 Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of
CVE-2017-6833 The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of
CVE-2017-6834 Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
CVE-2017-6835 The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of s
CVE-2017-6836 Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6 a
CVE-2017-6837 WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large numb
CVE-2017-6838 Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) v
CVE-2017-6839 Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via

Version: 0.3.6-2ubuntu0.14.04.1 2015-10-28 22:06:29 UTC

  audiofile (0.3.6-2ubuntu0.14.04.1) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer overflow when changing both sample format and
    number of channels (LP: #1502721)
    - debian/patches/CVE-2015-7747.patch: don't corrupt files in
      libaudiofile/modules/ModuleState.cpp, added test to test/Makefile.am,
      test/sixteen-stereo-to-eight-mono.c.
    - CVE-2015-7747

 -- Marc Deslauriers Tue, 20 Oct 2015 07:57:26 -0400

1502721 When changing both sample format and number of channels, data gets corrupted; if new sample format smaller than old, possible buffer overflow
CVE-2015-7747 When changing both sample format and number of channels, data gets corrupted; if new sample format smaller than old, possible buffer overflow


