Date: Wed,  7 Oct 2015 23:01:28 -0400 (EDT)
From: cve-assign@...re.org
To: seth.arnold@...onical.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, michael@....org, security@...ntu.com
Subject: Re: CVE Request: Audio File Library

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721
> https://github.com/mpruett/audiofile/pull/25/files

> When libaudiofile is used to change both the number of channels of an
> audio file (e.g. from stereo to mono) and the sample format (e.g. from
> 16-bit samples to 8-bit samples), the output file will contain
> corrupted data.
> 
> The 2 variables byte and abyte are int8_t. afReadFrames is told to
> read 1 8-bit sample into byte, but ends up treating &byte as a pointer
> to an int16_t, thus overwriting abyte

Use CVE-2015-7747.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----
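
The overwrite described in the quoted report, reduced to an added C example (not code from libaudiofile, the linked pull request, or this message). The struct, the 0x55 marker, the sample bytes and both read_frames_* functions are hypothetical stand-ins; the checked variant shows one defensive pattern, not the upstream fix.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The caller's two adjacent int8_t variables, as a struct so layout is fixed. */
struct locals { int8_t byte; int8_t abyte; };

/* Constructed sample: one 16-bit frame as raw bytes. */
static const unsigned char frame16[2] = { 0x34, 0x12 };

/* Hypothetical reader: sized by the track's sample width, blind to the buffer. */
static int read_frames_unchecked(void *dst, const unsigned char *src,
                                 int frames, size_t sample_bytes)
{
    memcpy(dst, src, (size_t)frames * sample_bytes);
    return frames;
}

/* Hypothetical hardened reader: the caller states the buffer capacity. */
static int read_frames_checked(void *dst, size_t dst_size, const unsigned char *src,
                               int frames, size_t sample_bytes)
{
    if (frames < 0 || sample_bytes == 0 || (size_t)frames > dst_size / sample_bytes)
        return -1; /* would write past dst */
    memcpy(dst, src, (size_t)frames * sample_bytes);
    return frames;
}

/* Caller expects 8 bits, reader writes 16: the second byte lands in abyte. */
static int abyte_after_unchecked(void)
{
    struct locals v = { 0, 0x55 };
    read_frames_unchecked(&v, frame16, 1, sizeof(int16_t)); /* &v == &v.byte */
    return v.abyte;
}

/* Same request with the capacity of `byte` stated: rejected, abyte intact. */
static int abyte_after_checked(void)
{
    struct locals v = { 0, 0x55 };
    int rc = read_frames_checked(&v.byte, sizeof v.byte, frame16, 1, sizeof(int16_t));
    return rc == -1 ? v.abyte : -1;
}

int main(void)
{
    printf("unchecked abyte=0x%02x checked abyte=0x%02x\n", abyte_after_unchecked(), abyte_after_checked());
    return 0;
}
```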
