Skip to content
Commit ccbef384 authored by Tanu Kaskinen's avatar Tanu Kaskinen Committed by Richard Purdie
Browse files

libvorbis: CVE-2017-14632

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function vorbis_analysis_headerout() in
info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632



(From OE-Core rev: 6dcd8bdd5ffebafec5bbb811243f4dbf3a7038b8)

Signed-off-by: default avatarTanu Kaskinen <tanuk@iki.fi>
Signed-off-by: default avatarRichard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: default avatarArmin Kuster <akuster808@gmail.com>
parent a7f1fa65
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment