oss-sec mailing list archives
Re: CVE Request: Audio File Library
From: cve-assign () mitre org
Date: Wed, 7 Oct 2015 23:01:28 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721 https://github.com/mpruett/audiofile/pull/25/files
When libaudiofile is used to change both the number of channels of an audio file (e.g. from stereo to mono) and the sample format (e.g. from 16-bit samples to 8-bit samples), the output file will contain corrupted data. The 2 variables byte and abyte are int8_t. afReadFrames is told to read 1 8-bit sample into byte, but ends up treating &byte as a pointer to an int16_t, thus overwriting abyte
Use CVE-2015-7747. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWFdvAAAoJEL54rhJi8gl5P5AQANByD2GdY3CRGrGRm06N4yEK 1ir7TAsy5+SW5wjvyBjBzMmEhCCs2IIq48pXpZxHIeA9mmd/fxsxTuWIEdAXwruH HvTvBwRBOSK9srEyL2ksCA6agLtq+pDuCuksdnHLnotJbuqziBlSSmP1QXWaOklD 6DjnRy7cUGs4/ZWcuMfGHyo/GVRhHrfbspiJQFfnO43hKraBd79ZaLNz7SNQxmlq 77ruploCtfCdPvcbwsR4xy5ogPy/o+jEreLySgEgqlWXI4Q/aXYwr/P/DOcPTyVr mmbicJ53IDMsX7vW5xpk1teGcFLrhb6fL4nr2PWQSaRUf12Q4YEgPMpIPqqbUbQU uvU3ZmrU78Ciw1+6fA6Issajk7MQ0ElbYijErRk/U3he0zNkYjAjKJlNAAkHFsfB tic6cOyHATt8U/NVCBaUlffclerU17mu+nbg74CbOLnXDERInhUpvSFiVIx5NPLj iVjXz/0VMmfDIaVLDD+tWv/0BTivq887L9rvP4Xnnie+GpDQExOkD0Los50G8caS vBjb4gl/w2MWJmoaZEXIaUowZDntqttdkN5k88SjAW676UChyPJtMRQUUg5wHXzj PdEh11jaR35Qt8v8DtikFhoLJC72gS7Hy++Vwah/AABFWBbsGu/qLYo1g5PUfps3 rEZF+jsCSdCtDHH3uNt6 =KsIM -----END PGP SIGNATURE-----
Current thread:
- CVE Request: Audio File Library Seth Arnold (Oct 05)
- Re: CVE Request: Audio File Library cve-assign (Oct 07)