Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Backports:SLE-15-SP6:Update
sox
CVE-2023-32627.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2023-32627.patch of Package sox
From: =?utf-8?q?Bastien_Roucari=C3=A8s?= <rouca@debian.org> Date: Sun, 13 Aug 2023 14:14:09 +0000 Subject: CVE-2023-32627 Filter null sampling rate in VOC coder Avoid a divide by zero and out of bound read by rejecting null sampling rate in VOC file bug: https://sourceforge.net/p/sox/bugs/369/ bug-redhat: https://bugzilla.redhat.com/show_bug.cgi?id=2212282 bug-debian: https://bugs.debian.org/1041112 bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2023-32627 --- src/voc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/voc.c b/src/voc.c index f44933d..cad32fa 100644 --- a/src/voc.c +++ b/src/voc.c @@ -351,6 +351,11 @@ static size_t read_samples(sox_format_t * ft, sox_sample_t * buf, v->block_remaining = 0; return done; } + if(uc == 0) { + lsx_fail_errno(ft, EINVAL, "invalid rate value"); + v->block_remaining = 0; + return done; + } *buf = SOX_UNSIGNED_8BIT_TO_SAMPLE(uc,); lsx_adpcm_init(&v->adpcm, 6 - v->size, SOX_SAMPLE_TO_SIGNED_16BIT(*buf, ft->clips)); ++buf;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor