File _service:obs_scm:CVE-2021-23159.patch of Package sox
From: Helmut Grohne <helmut@subdivi.de> Subject: hcom: validate dictsize Bug: https://sourceforge.net/p/sox/bugs/350/ Bug: https://sourceforge.net/p/sox/bugs/352/ Bug-Debian: https://bugs.debian.org/1021133 Bug-Debian: https://bugs.debian.org/1021134 This patch fixes both CVE-2021-23159 and CVE-2021-23172. --- a/src/hcom.c +++ b/src/hcom.c @@ -134,6 +134,11 @@ return (SOX_EOF); } lsx_readw(ft, &dictsize); + if (dictsize == 0 || dictsize > 511) + { + lsx_fail_errno(ft, SOX_EHDR, "Implausible dictionary size in HCOM header"); + return SOX_EOF; + } /* Translate to sox parameters */ ft->encoding.encoding = SOX_ENCODING_HCOM;
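Review bot: The upper bound in the added `dictsize > 511` check is a bare literal with no comment or named constant saying which limit it comes from, so a later change to the code that consumes `dictsize` could drift away from it without anyone noticing. Define the limit once (a macro or enum next to the structure it protects) and use that name here, with a one-line comment giving the reason for the value. Separately, the context line `lsx_readw(ft, &dictsize);` discards its return value, so on a truncated header the new check runs on whatever `dictsize` held before the read; testing the read result before the range check would close that gap. Minor style point: the new `return SOX_EOF;` differs from the `return (SOX_EOF);` form a few lines above.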