CVE Request: Audio File Library

[Seth Arnold <seth.arnold () canonical com>]

Hello MITRE, all,

Fabrizio Gennari reported an issue in The Audio File library to the Ubuntu
bugtracker:
https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721

His description included, in part:

        When libaudiofile is used to change both the number of channels of
        an audio file (e.g. from stereo to mono) and the sample format
        (e.g. from 16-bit samples to 8-bit samples), the output file will
        contain corrupted data.

        If the new sample format is smaller than the old one, there is a
        risk of buffer overflow: e.g. when the input file has 16-bit
        samples and the output file has 8-bit samples, afReadFrames will
        treat the buffer to read the samples (argument void *data) as a
        pointer to int16_t instead of int8_t, therefore it will write past
        its end.

He proposed a solution and test case to the Audio File library:
https://github.com/mpruett/audiofile/pull/25/files

Please assign a CVE as appropriate.

Thanks

Attachment: signature.asc
Description: Digital signature