FreeBSD Bugzilla – Attachment 159101 Details for Bug 201778
audio/sox: Multiple memory corruption vulnerabilities in SoX 14.4.2
[patch] security/vuxml for audio/sox
sox_vuxml.diff (text/plain), 2.16 KB, created by Jason Unovitch on 2015-07-23 00:40:53 UTC
>Index: vuln.xml >=================================================================== >--- vuln.xml (revision 392703) >+++ vuln.xml (working copy) 
>@@ -58,6 +58,64 @@ > > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="9dd761ff-30cb-11e5-a4a5-002590263bf5"> >+ <topic>sox -- memory corruption vulnerabilities</topic> >+ <affects> >+ <package> >+ <name>sox</name> >+ <range><le>14.4.2</le></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Michele Spagnuolo, Google Security Team, reports:</p> >+ <blockquote cite="http://seclists.org/oss-sec/2015/q3/167"> >+ <p>The write heap buffer overflows are related to ADPCM handling in >+ WAV files, while the read heap buffer overflow is while opening a >+ .VOC.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>http://seclists.org/oss-sec/2015/q3/167</url> >+ </references> >+ <dates> >+ <discovery>2015-07-22</discovery> >+ <entry>2015-07-23</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="92cda470-30cb-11e5-a4a5-002590263bf5"> >+ <topic>sox -- input sanitization errors</topic> >+ <affects> >+ <package> >+ <name>sox</name> >+ <range><lt>14.4.2</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>oCERT reports:</p> >+ <blockquote cite="http://www.ocert.org/advisories/ocert-2014-010.html"> >+ <p>The sox command line tool is affected by two heap-based buffer >+ overflows, respectively located in functions start_read() and >+ AdpcmReadBlock().</p> >+ <p>A specially crafted wav file can be used to trigger the >+ vulnerabilities.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <bid>71774</bid> >+ <cvename>CVE-2014-8145</cvename> >+ <url>http://www.ocert.org/advisories/ocert-2014-010.html</url> >+ </references> >+ <dates> >+ <discovery>2014-12-22</discovery> >+ <entry>2015-07-23</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="95eee71d-3068-11e5-a9b5-bcaec565249c"> > <topic>gdk-pixbuf2 -- heap overflow and DoS affecting Firefox and other programs</topic> > <affects>
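Review bot: In the first new entry (vid 9dd761ff-30cb-11e5-a4a5-002590263bf5), `<range><le>14.4.2</le></range>` matches only up to the bare 14.4.2 version, so a PORTREVISION bump to 14.4.2_1 that carries no fix would make an installed package stop matching while still being vulnerable. Since the entry names no fixed version, consider an open range such as `<range><ge>0</ge></range>` until a patched port revision exists, then switch to `<lt>` on that revision and add a `<modified>` date. Separately, in the second entry (vid 92cda470-30cb-11e5-a4a5-002590263bf5) the topic reads "input sanitization errors" while the quoted oCERT text describes two heap-based buffer overflows in start_read() and AdpcmReadBlock(); a topic that names the heap overflows would match the quoted advisory and be easier to find when searching vuln.xml.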
Flags: junovitch: maintainer-approval? (ports-secteam)