[Buildroot] [PATCH] wavpack: add upstream security fixes
Peter Korsgaard
peter at korsgaard.com
Tue Apr 10 20:50:28 UTC 2018
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
>
> CVE-2018-6767: A stack-based buffer over-read in the ParseRiffHeaderConfig
> function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to
> cause a denial-of-service attack or possibly have unspecified other impact
> via a maliciously crafted RF64 file.
>
> CVE-2018-7253: The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file
> of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service
> (heap-based buffer over-read) or possibly overwrite the heap via a
> maliciously crafted DSDIFF file.
>
> CVE-2018-7254: The ParseCaffHeaderConfig function of the cli/caff.c file of
> WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global
> buffer over-read), or possibly trigger a buffer overflow or incorrect memory
> allocation, via a maliciously crafted CAF file.
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard