pkgsrc/audio/taglib/patches/patch-CVE-2018-11439 - view

Return to patch-CVE-2018-11439 CVS log

Up to [cvs.NetBSD.org] / pkgsrc / audio / taglib / patches

File: [cvs.NetBSD.org] / pkgsrc / audio / taglib / patches / Attic / patch-CVE-2018-11439 (download)

Revision 1.1, Thu Jul 18 09:36:37 2019 UTC (19 months, 2 weeks ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1, pkgsrc-2019Q4-base, pkgsrc-2019Q4, pkgsrc-2019Q3-base, pkgsrc-2019Q3
Branch point for: pkgsrc-2019Q2

taglib: Add patches from upstream's git for the following CVEs:

CVE-2017-12678 - denial-of-service
CVE-2018-11439 - information-disclosure

Bump PKGREVISION.

$NetBSD: patch-CVE-2018-11439,v 1.1 2019/07/18 09:36:37 nia Exp $

Fix CVE-2018-11439 - OOB read when loading invalid ogg flac file.

Upstream commit:
https://github.com/taglib/taglib/commit/2c4ae870ec086f2ddd21a47861a3709c36faac45

--- taglib/ogg/flac/oggflacfile.cpp.orig	2016-10-24 03:03:23.000000000 +0000
+++ taglib/ogg/flac/oggflacfile.cpp
@@ -216,11 +216,21 @@ void Ogg::FLAC::File::scan()
 
   if(!metadataHeader.startsWith("fLaC"))  {
     // FLAC 1.1.2+
+    // See https://xiph.org/flac/ogg_mapping.html for the header specification.
+    if(metadataHeader.size() < 13)
+      return;
+
+    if(metadataHeader[0] != 0x7f)
+      return;
+
     if(metadataHeader.mid(1, 4) != "FLAC")
       return;
 
-    if(metadataHeader[5] != 1)
-      return; // not version 1
+    if(metadataHeader[5] != 1 && metadataHeader[6] != 0)
+      return; // not version 1.0
+
+    if(metadataHeader.mid(9, 4) != "fLaC")
+      return;
 
     metadataHeader = metadataHeader.mid(13);
   }