diff options
| author |   Yi Zhao <yi.zhao@windriver.com> | 2018-09-07 08:22:05 +0800 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-09-07 17:48:32 +0100 |
| commit | a300c4917b6c22ef039158be7ae92055c35658d4 (patch) | |
| tree | 05268fb726e130b5137e2f7025c20a80ae83b5ef /meta/recipes-support | |
| parent | d2dc07ebc9e38a7936c942b7c89caa67b654c587 (diff) | |
| download | openembedded-core-a300c4917b6c22ef039158be7ae92055c35658d4.tar.gz | |
taglib: Security fix CVE-2018-11439
CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function in
oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause
information disclosure (heap-based buffer over-read) via a crafted audio
file.
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-11439
Patch from:
https://github.com/taglib/taglib/pull/869/commits/272648ccfcccae30e002ccf34a22e075dd477278
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support')
| -rw-r--r-- | meta/recipes-support/taglib/taglib/CVE-2018-11439.patch | 51 | ||||
| -rw-r--r-- | meta/recipes-support/taglib/taglib_1.11.1.bb | 1 |
2 files changed, 52 insertions, 0 deletions
diff --git a/meta/recipes-support/taglib/taglib/CVE-2018-11439.patch b/meta/recipes-support/taglib/taglib/CVE-2018-11439.patch new file mode 100644 index 0000000000..cdd66e67f7 --- /dev/null +++ b/meta/recipes-support/taglib/taglib/CVE-2018-11439.patch @@ -0,0 +1,51 @@ +From 272648ccfcccae30e002ccf34a22e075dd477278 Mon Sep 17 00:00:00 2001 +From: Scott Gayou <github.scott@gmail.com> +Date: Mon, 4 Jun 2018 11:34:36 -0400 +Subject: [PATCH] Fixed OOB read when loading invalid ogg flac file. (#868) + +This CVE is caused by a failure to check the minimum length +of a ogg flac header. This header is detailed in full at: +https://xiph.org/flac/ogg_mapping.html. Added more strict checking +for entire header. + +Upstream-Status: Backport +[https://github.com/taglib/taglib/pull/869/commits/272648ccfcccae30e002ccf34a22e075dd477278] + +CVE: CVE-2018-11439 + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + taglib/ogg/flac/oggflacfile.cpp | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp +index 53d0450..07ea9dc 100644 +--- a/taglib/ogg/flac/oggflacfile.cpp ++++ b/taglib/ogg/flac/oggflacfile.cpp +@@ -231,11 +231,21 @@ void Ogg::FLAC::File::scan() + + if(!metadataHeader.startsWith("fLaC")) { + // FLAC 1.1.2+ ++ // See https://xiph.org/flac/ogg_mapping.html for the header specification. ++ if(metadataHeader.size() < 13) ++ return; ++ ++ if(metadataHeader[0] != 0x7f) ++ return; ++ + if(metadataHeader.mid(1, 4) != "FLAC") + return; + +- if(metadataHeader[5] != 1) +- return; // not version 1 ++ if(metadataHeader[5] != 1 && metadataHeader[6] != 0) ++ return; // not version 1.0 ++ ++ if(metadataHeader.mid(9, 4) != "fLaC") ++ return; + + metadataHeader = metadataHeader.mid(13); + } +-- +2.7.4 + diff --git a/meta/recipes-support/taglib/taglib_1.11.1.bb b/meta/recipes-support/taglib/taglib_1.11.1.bb index 50439bc14f..01dcf66d1e 100644 --- a/meta/recipes-support/taglib/taglib_1.11.1.bb +++ b/meta/recipes-support/taglib/taglib_1.11.1.bb @@ -10,6 +10,7 @@ DEPENDS = "zlib" SRC_URI = "http://taglib.github.io/releases/${BP}.tar.gz \ file://CVE-2017-12678.patch \ + file://CVE-2018-11439.patch \ " SRC_URI[md5sum] = "cee7be0ccfc892fa433d6c837df9522a" |