[Buildroot] [PATCH] package/vorbis-tools: add upstream security fixes for CVE-2014-96{38, 39, 40}
Peter Korsgaard
peter at korsgaard.com
Tue Mar 10 20:55:09 UTC 2020
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security vulnerabilities:
> - CVE-2014-9638: oggenc in vorbis-tools 1.4.0 allows remote attackers to
> cause a denial of service (divide-by-zero error and crash) via a WAV file
> with the number of channels set to zero.
> - CVE-2014-9639: Integer overflow in oggenc in vorbis-tools 1.4.0 allows
> remote attackers to cause a denial of service (crash) via a crafted number
> of channels in a WAV file, which triggers an out-of-bounds memory access.
> - CVE-2014-9640: oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote
> attackers to cause a denial of service (out-of-bounds read) via a crafted
> raw file.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2019.02.x and 2019.11.x, thanks.
--
Bye, Peter Korsgaard
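
The checks implied by the CVE-2014-9638 and CVE-2014-9639 descriptions quoted above, as an added example: this is not the upstream vorbis-tools fix and not part of the original mail. The function name, error codes, the `MAX_CHANNELS` cap and the sample headers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_CHANNELS 255u  /* assumed cap for this example */

enum { WAV_OK, WAV_SHORT, WAV_BAD_CHANNELS, WAV_BAD_BITS, WAV_BAD_ALIGN, WAV_TOO_LARGE };

/* Constructed 16-byte "fmt " chunk bodies (little-endian PCM layout). */
static const unsigned char fmt_ok[16]   = {1,0, 2,0, 0x44,0xAC,0,0, 0x10,0xB1,2,0, 4,0, 16,0};
static const unsigned char fmt_zero[16] = {1,0, 0,0, 0x44,0xAC,0,0, 0,0,0,0, 0,0, 16,0};
static const unsigned char fmt_many[16] = {1,0, 0xFF,0xFF, 0x44,0xAC,0,0, 0,0,0,0, 0xFE,0xFF, 16,0};

static unsigned rd16(const unsigned char *p) { return p[0] | ((unsigned)p[1] << 8); }

/* Validate the header before any division by, or allocation sized from, its fields.
 * On success *bytes is the buffer size needed for `frames` sample frames. */
int wav_fmt_check(const unsigned char *buf, size_t len, size_t frames, size_t *bytes)
{
    if (len < 16)
        return WAV_SHORT;
    unsigned channels = rd16(buf + 2);
    unsigned align    = rd16(buf + 12);
    unsigned bits     = rd16(buf + 14);

    if (channels == 0 || channels > MAX_CHANNELS)   /* zero would later be a divisor */
        return WAV_BAD_CHANNELS;
    if (bits == 0 || bits % 8 != 0 || bits > 32)
        return WAV_BAD_BITS;
    size_t frame = (size_t)channels * (bits / 8);   /* <= 255 * 4, cannot wrap */
    if (align != frame)                             /* header must agree with itself */
        return WAV_BAD_ALIGN;
    if (frames > SIZE_MAX / frame)                  /* frames * frame would wrap */
        return WAV_TOO_LARGE;
    *bytes = frames * frame;
    return WAV_OK;
}

int main(void)
{
    size_t n = 0;
    printf("ok=%d zero=%d many=%d\n",
           wav_fmt_check(fmt_ok, 16, 1024, &n),
           wav_fmt_check(fmt_zero, 16, 1024, &n),
           wav_fmt_check(fmt_many, 16, 1024, &n));
    return 0;
}
```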