Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
flac.197
flac-fix-CVE-2014-8962.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File flac-fix-CVE-2014-8962.patch of Package flac.197
From 5b3033a2b355068c11fe637e14ac742d273f076e Mon Sep 17 00:00:00 2001 From: Erik de Castro Lopo <erikd@mega-nerd.com> Date: Tue, 18 Nov 2014 07:20:25 -0800 Subject: [PATCH] src/libFLAC/stream_decoder.c : Fix buffer read overflow. This is CVE-2014-8962. Reported-by: Michele Spagnuolo, Google Security Team <mikispag@google.com> --- src/libFLAC/stream_decoder.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/src/libFLAC/stream_decoder.c +++ b/src/libFLAC/stream_decoder.c @@ -71,7 +71,7 @@ FLAC_API int FLAC_API_SUPPORTS_OGG_FLAC * ***********************************************************************/ -static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' }; +static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' }; /*********************************************************************** * @@ -1381,6 +1381,10 @@ FLAC__bool find_metadata_(FLAC__StreamDe id = 0; continue; } + + if(id >= 3) + return false; + if(x == ID3V2_TAG_[id]) { id++; i = 0;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor