From: Peter Marko <[email protected]>

Per [1] this CVE is already patched by commit [2].

This can also be verified with a Yocto build.

Running without this patch:
root@qemux86-64:~# sfconvert poc.wav output format wave
malloc(): corrupted top size
Aborted

Running with it:
root@qemux86-64:~# sfconvert poc.wav output format wave
Audio File Library: Bad number of coefficients [error 62]
Could not open file 'poc.wav' for reading.

[1] https://github.com/mpruett/audiofile/issues/56
[2] https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0

Signed-off-by: Peter Marko <[email protected]>
---
 .../files/0004-Always-check-the-number-of-coefficients.patch     | 1 +
 1 file changed, 1 insertion(+)

diff --git 
a/meta-oe/recipes-multimedia/audiofile/files/0004-Always-check-the-number-of-coefficients.patch
 
b/meta-oe/recipes-multimedia/audiofile/files/0004-Always-check-the-number-of-coefficients.patch
index 282f4c01b9..17a97163f5 100644
--- 
a/meta-oe/recipes-multimedia/audiofile/files/0004-Always-check-the-number-of-coefficients.patch
+++ 
b/meta-oe/recipes-multimedia/audiofile/files/0004-Always-check-the-number-of-coefficients.patch
@@ -17,6 +17,7 @@ CVE: CVE-2017-6832
 CVE: CVE-2017-6833
 CVE: CVE-2017-6835
 CVE: CVE-2017-6837
+CVE: CVE-2020-18781
 Upstream-Status: Inactive-Upstream [lastrelease: 2013]
 Signed-off-by: Peter Marko <[email protected]>
 ---
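
Review bot: the added `CVE: CVE-2020-18781` tag, placed after `CVE: CVE-2017-6837`, has nothing in the patch header that says why this fix covers it; the justification (upstream issue 56 and the before/after sfconvert run) exists only in this commit message. The patch file is what gets read when the CVE status is audited later, so consider adding a one-line note in its header that references https://github.com/mpruett/audiofile/issues/56. With `Upstream-Status: Inactive-Upstream [lastrelease: 2013]` in the context lines, the upstream commit text is unlikely to be updated to mention the newer CVE, which makes the local note more useful.
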
-- 
2.30.2
