]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
projects / thirdparty / openembedded / openembedded-core-contrib.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: db6c0df) | patch
libvorbis: CVE-2017-14632
authorTanu Kaskinen <tanuk@iki.fi>
Tue, 20 Mar 2018 08:50:23 +0000 (10:50 +0200)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sun, 25 Mar 2018 08:33:34 +0000 (09:33 +0100)
commit5786e39e040f241f6bade29ba2ce61b7715e1b66
tree2fc25ee632311a0114416c30f987c4da649b47actree
parentdb6c0df30acdb9973f9bd4297a5fce4725c0720dcommit | diff
libvorbis: CVE-2017-14632

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function vorbis_analysis_headerout() in
info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632

Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch [new file with mode: 0644] blob
meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core-contrib