oss-sec mailing list archives
CVE Request: Audio File Library
From: Seth Arnold <seth.arnold () canonical com>
Date: Mon, 5 Oct 2015 21:03:19 -0700
Hello MITRE, all,

Fabrizio Gennari reported an issue in The Audio File library to the Ubuntu bugtracker:
https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721

His description included, in part:

    When libaudiofile is used to change both the number of channels of an audio file (e.g. from stereo to mono) and the sample format (e.g. from 16-bit samples to 8-bit samples), the output file will contain corrupted data. If the new sample format is smaller than the old one, there is a risk of buffer overflow: e.g. when the input file has 16-bit samples and the output file has 8-bit samples, afReadFrames will treat the buffer to read the samples (argument void *data) as a pointer to int16_t instead of int8_t, therefore it will write past its end.

He proposed a solution and test case to the Audio File library:
https://github.com/mpruett/audiofile/pull/25/files

Please assign a CVE as appropriate.

Thanks
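The width mismatch described in the report, as an added illustration that is not code from libaudiofile or from the pull request: a simplified model in which a caller sizes a buffer for mono 8-bit output while the read path stores 16-bit values. The names read_frames_model and bytes_past_end, the canary value and the sample data are all assumptions made for this example; the stray writes land in a guard region so they can be measured safely.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define CANARY 0xA5  /* fill byte used to spot writes beyond the caller's buffer */

/* Simplified model, not libaudiofile code: downmix stereo to mono and store each
 * result with store_width bytes (1 = requested 8-bit format, 2 = the mismatch). */
static void read_frames_model(void *data, const int16_t *in, size_t frames,
                              size_t store_width)
{
    unsigned char *out = data;
    for (size_t i = 0; i < frames; i++) {
        int32_t mono = ((int32_t)in[2 * i] + in[2 * i + 1]) / 2;
        if (store_width == 1) {
            int8_t s = (int8_t)(mono / 256);      /* keep the top 8 bits */
            memcpy(out + i, &s, sizeof s);
        } else {
            int16_t s = (int16_t)mono;            /* buffer treated as int16_t */
            memcpy(out + 2 * i, &s, sizeof s);
        }
    }
}

/* Returns how many bytes were written past a buffer sized for mono 8-bit output.
 * A guard region keeps the model's stray writes inside memory we own. */
size_t bytes_past_end(size_t frames, size_t store_width)
{
    size_t want = frames * sizeof(int8_t);        /* what the caller sized for */
    size_t guard = frames * sizeof(int16_t);
    unsigned char *buf = malloc(want + guard);
    int16_t *in = malloc(frames * 2 * sizeof *in);
    size_t over = 0;
    if (buf && in) {
        for (size_t i = 0; i < frames * 2; i++) in[i] = 0x1234; /* constructed samples */
        memset(buf, CANARY, want + guard);
        read_frames_model(buf, in, frames, store_width);
        for (size_t i = want; i < want + guard; i++)
            if (buf[i] != CANARY) over = i - want + 1;
    }
    free(buf); free(in);
    return over;
}

int main(void)
{
    printf("past end: 8-bit %zu, 16-bit %zu\n", bytes_past_end(1024, 1), bytes_past_end(1024, 2));
    return 0;
}
```

In this model the overrun equals the size of the caller's buffer, so it grows with the number of frames requested in a single read.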