[oe] [meta-oe][PATCH v3 1/5] audiofile: patch CVE-2019-13147 and CVE-2022-24599

Gyorgy Sarvari via lists.openembedded.org Fri, 14 Nov 2025 00:24:57 -0800

Details: https://nvd.nist.gov/vuln/detail/CVE-2019-13147
https://nvd.nist.gov/vuln/detail/CVE-2022-24599


These patches are used by opensuse to mitigate the corresponding 
vulnerabulities.

Signed-off-by: Gyorgy Sarvari <[email protected]>
---

v2: no change
v3: no change

 .../audiofile/audiofile_0.3.6.bb              |  2 +
 .../audiofile/files/CVE-2019-13147.patch      | 31 ++++++++++++
 .../audiofile/files/CVE-2022-24599.patch      | 50 +++++++++++++++++++
 3 files changed, 83 insertions(+)
 create mode 100644 
meta-oe/recipes-multimedia/audiofile/files/CVE-2019-13147.patch
 create mode 100644 
meta-oe/recipes-multimedia/audiofile/files/CVE-2022-24599.patch

diff --git a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb 
b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
index 50df31c7b9..fd80729bd2 100644
--- a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
+++ b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
@@ -18,6 +18,8 @@ SRC_URI = " \
     file://0006-Check-for-multiplication-overflow-in-sfconvert.patch \
     file://0007-Actually-fail-when-error-occurs-in-parseFormat.patch \
     file://0008-Check-for-multiplication-overflow-in-MSADPCM-decodeS.patch \
+    file://CVE-2019-13147.patch \
+    file://CVE-2022-24599.patch \
 "
 SRC_URI[sha256sum] = 
"ea2449ad3f201ec590d811db9da6d02ffc5e87a677d06b92ab15363d8cb59782"
 
diff --git a/meta-oe/recipes-multimedia/audiofile/files/CVE-2019-13147.patch 
b/meta-oe/recipes-multimedia/audiofile/files/CVE-2019-13147.patch
new file mode 100644
index 0000000000..19f6892f69
--- /dev/null
+++ b/meta-oe/recipes-multimedia/audiofile/files/CVE-2019-13147.patch
@@ -0,0 +1,31 @@
+This patch is taken from opensuse: 
+https://build.opensuse.org/package/show/multimedia:libs/audiofile
+
+CVE: CVE-2019-13147
+Upstream-Status: Inactive-Upstream [lastcommit: 2016-Aug-30]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+
+diff --unified --recursive --text --new-file --color 
audiofile-0.3.6/libaudiofile/NeXT.cpp audiofile-0.3.6.new/libaudiofile/NeXT.cpp
+--- audiofile-0.3.6/libaudiofile/NeXT.cpp      2013-03-06 13:30:03.000000000 
+0800
++++ audiofile-0.3.6.new/libaudiofile/NeXT.cpp  2025-05-14 10:45:11.685700984 
+0800
+@@ -32,6 +32,7 @@
+ #include <stdint.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <limits.h>
+ 
+ #include "File.h"
+ #include "Setup.h"
+@@ -122,6 +123,12 @@
+               _af_error(AF_BAD_CHANNELS, "invalid file with 0 channels");
+               return AF_FAIL;
+       }
++      /* avoid overflow of INT for double size rate */
++      if (channelCount > (INT32_MAX / (sizeof(double))))
++      {
++              _af_error(AF_BAD_CHANNELS, "invalid file with %i channels", 
channelCount);
++              return AF_FAIL;
++      }
+ 
+       Track *track = allocateTrack();
+       if (!track)
diff --git a/meta-oe/recipes-multimedia/audiofile/files/CVE-2022-24599.patch 
b/meta-oe/recipes-multimedia/audiofile/files/CVE-2022-24599.patch
new file mode 100644
index 0000000000..9214d80172
--- /dev/null
+++ b/meta-oe/recipes-multimedia/audiofile/files/CVE-2022-24599.patch
@@ -0,0 +1,50 @@
+This patch is taken from opensuse:
+https://build.opensuse.org/package/show/multimedia:libs/audiofile
+
+CVE: CVE-2022-24599
+Upstream-Status: Inactive-Upstream [lastcommit: 2016-Aug-30]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+
+diff --unified --recursive --text --new-file --color 
audiofile-0.3.6.old/sfcommands/printinfo.c 
audiofile-0.3.6.new/sfcommands/printinfo.c
+--- audiofile-0.3.6.old/sfcommands/printinfo.c 2013-03-06 13:30:03.000000000 
+0800
++++ audiofile-0.3.6.new/sfcommands/printinfo.c 2025-04-30 15:18:24.778177640 
+0800
+@@ -37,6 +37,7 @@
+ #include <stdint.h>
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <limits.h>
+ 
+ static char *copyrightstring (AFfilehandle file);
+ 
+@@ -147,7 +148,11 @@
+       int             i, misccount;
+ 
+       misccount = afGetMiscIDs(file, NULL);
+-      miscids = (int *) malloc(sizeof (int) * misccount);
++      if (!misccount)
++          return NULL;
++      miscids = (int *)calloc(misccount, sizeof(int));
++      if (!miscids)
++          return NULL;
+       afGetMiscIDs(file, miscids);
+ 
+       for (i=0; i<misccount; i++)
+@@ -159,13 +164,16 @@
+                       If this code executes, the miscellaneous chunk is a
+                       copyright chunk.
+               */
+-              int datasize = afGetMiscSize(file, miscids[i]);
+-              char *data = (char *) malloc(datasize);
++              size_t datasize = afGetMiscSize(file, miscids[i]);
++              if (datasize >= INT_MAX - 1)
++                  goto error;
++              char *data = (char *)calloc(datasize + 1, sizeof(char));
+               afReadMisc(file, miscids[i], data, datasize);
+               copyright = data;
+               break;
+       }
+ 
++error:
+       free(miscids);
+ 
+       return copyright;

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#121694): 
https://lists.openembedded.org/g/openembedded-devel/message/121694
Mute This Topic: https://lists.openembedded.org/mt/116289005/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

[oe] [meta-oe][PATCH v3 1/5] audiofile: patch CVE-2019-13147 and CVE-2022-24599

Reply via email to