Package "libsndfile"
Name: |
libsndfile
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- Library for reading/writing audio files
- debugging symbols for libsndfile
- Development files for libsndfile; a library for reading/writing audio files
|
Latest version: |
1.0.25-7ubuntu2.2 |
Release: |
trusty (14.04) |
Level: |
security |
Repository: |
main |
Links
Other versions of "libsndfile" in Trusty
Packages in group
Deleted packages are displayed in grey.
Changelog
libsndfile (1.0.25-7ubuntu2.2) trusty-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/*: synchronize security fixes with Debian's
1.0.25-9.1+deb7u2 release. Thanks!
- CVE-2017-7585, CVE-2017-7586, CVE-2017-7741, CVE-2017-7742,
CVE-2017-8361, CVE-2017-8362, CVE-2017-8363, CVE-2017-8365
-- Marc Deslauriers <email address hidden> Wed, 31 May 2017 09:42:28 -0400
|
Source diff to previous version |
CVE-2017-7585 |
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a spe |
CVE-2017-7586 |
In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffe |
CVE-2017-7741 |
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write me |
CVE-2017-7742 |
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read mem |
CVE-2017-8361 |
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application cr |
CVE-2017-8362 |
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash |
CVE-2017-8363 |
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and ap |
CVE-2017-8365 |
The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) |
|
libsndfile (1.0.25-7ubuntu2.1) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via out-of-bounds read
- debian/patches/CVE-2014-9496.patch: check map offset and rsrc marker
in src/sd2.c.
- CVE-2014-9496
* SECURITY UPDATE: denial of service via division-by-zero
- debian/patches/CVE-2014-9756.patch: check bytes and items in
src/file_io.c.
- CVE-2014-9756
* SECURITY UPDATE: heap overflow via AIFF file headindex value
- debian/patches/CVE-2015-7805.patch: use headend in src/common.c.
- CVE-2015-7805
-- Marc Deslauriers Mon, 07 Dec 2015 10:01:39 -0500
|
CVE-2014-9496 |
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rs |
CVE-2014-9756 |
The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via uns |
CVE-2015-7805 |
Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF f |
|
About
-
Send Feedback to @ubuntu_updates