[Buildroot] [PATCH 1/2] package/libvorbis: fix CVE-2018-10392
Peter Korsgaard
peter at korsgaard.com
Sat Mar 14 18:39:38 UTC 2020
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not
> validate the number of channels, which allows remote attackers to cause
> a denial of service (heap-based buffer overflow or over-read) or
> possibly have unspecified other impact via a crafted file.
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2019.02.x and 2019.11.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list