
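--- a/vuln.xml
+++ b/vuln.xml
@@ -58,6 +58,64 @@
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="9dd761ff-30cb-11e5-a4a5-002590263bf5">
+    <topic>sox -- memory corruption vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>sox</name>
+	<range><le>14.4.2</le></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Michele Spagnuolo, Google Security Team, reports:</p>
+	<blockquote cite="http://seclists.org/oss-sec/2015/q3/167">
+	  <p>The write heap buffer overflows are related to ADPCM handling in
+	    WAV files, while the read heap buffer overflow is while opening a
+	    .VOC.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://seclists.org/oss-sec/2015/q3/167</url>
+    </references>
+    <dates>
+      <discovery>2015-07-22</discovery>
+      <entry>2015-07-23</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="92cda470-30cb-11e5-a4a5-002590263bf5">
+    <topic>sox -- input sanitization errors</topic>
+    <affects>
+      <package>
+	<name>sox</name>
+	<range><lt>14.4.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>oCERT reports:</p>
+	<blockquote cite="http://www.ocert.org/advisories/ocert-2014-010.html">
+	  <p>The sox command line tool is affected by two heap-based buffer
+	    overflows, respectively located in functions start_read() and
+	    AdpcmReadBlock().</p>
+	  <p>A specially crafted wav file can be used to trigger the
+	    vulnerabilities.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <bid>71774</bid>
+      <cvename>CVE-2014-8145</cvename>
+      <url>http://www.ocert.org/advisories/ocert-2014-010.html</url>
+    </references>
+    <dates>
+      <discovery>2014-12-22</discovery>
+      <entry>2015-07-23</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="95eee71d-3068-11e5-a9b5-bcaec565249c">
     <topic>gdk-pixbuf2 -- heap overflow and DoS affecting Firefox and other programs</topic>
     <affects>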
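Review bot: The range `<le>14.4.2</le>` in the first sox entry (vid 9dd761ff-30cb-11e5-a4a5-002590263bf5) pins the upper bound to one version while the entry names no fixed release, so a later package revision that sorts above 14.4.2 (a rebuild carrying a revision suffix, for example) would fall outside the range and stop being flagged even if it still contains the ADPCM and .VOC overflows. If no fix existed at entry time, which the diff does not show either way, an open-ended range such as `<range><ge>0</ge></range>` keeps the entry matching until a fixed version can be expressed with `<lt>`. The same entry lists only the oss-sec URL under `<references>`; a `<cvename>` should be added once an identifier is assigned so audit tooling can correlate it, as the second entry does with CVE-2014-8145.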
