@@ -18,6 +18,8 @@ SRC_URI = " \
file://0006-Check-for-multiplication-overflow-in-sfconvert.patch \
file://0007-Actually-fail-when-error-occurs-in-parseFormat.patch \
file://0008-Check-for-multiplication-overflow-in-MSADPCM-decodeS.patch \
+ file://CVE-2019-13147.patch \
+ file://CVE-2022-24599.patch \
"
SRC_URI[sha256sum] = "ea2449ad3f201ec590d811db9da6d02ffc5e87a677d06b92ab15363d8cb59782"
new file mode 100644
@@ -0,0 +1,31 @@
+This patch is taken from opensuse:
+https://build.opensuse.org/package/show/multimedia:libs/audiofile
+
+CVE: CVE-2019-13147
+Upstream-Status: Inactive-Upstream [lastcommit: 2016-Aug-30]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+
+diff --unified --recursive --text --new-file --color audiofile-0.3.6/libaudiofile/NeXT.cpp audiofile-0.3.6.new/libaudiofile/NeXT.cpp
+--- audiofile-0.3.6/libaudiofile/NeXT.cpp 2013-03-06 13:30:03.000000000 +0800
++++ audiofile-0.3.6.new/libaudiofile/NeXT.cpp 2025-05-14 10:45:11.685700984 +0800
+@@ -32,6 +32,7 @@
+ #include <stdint.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <limits.h>
+
+ #include "File.h"
+ #include "Setup.h"
+@@ -122,6 +123,12 @@
+ _af_error(AF_BAD_CHANNELS, "invalid file with 0 channels");
+ return AF_FAIL;
+ }
++ /* avoid overflow of INT for double size rate */
++ if (channelCount > (INT32_MAX / (sizeof(double))))
++ {
++ _af_error(AF_BAD_CHANNELS, "invalid file with %i channels", channelCount);
++ return AF_FAIL;
++ }
+
+ Track *track = allocateTrack();
+ if (!track)
new file mode 100644
@@ -0,0 +1,50 @@
+This patch is taken from opensuse:
+https://build.opensuse.org/package/show/multimedia:libs/audiofile
+
+CVE: CVE-2022-24599
+Upstream-Status: Inactive-Upstream [lastcommit: 2016-Aug-30]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+
+diff --unified --recursive --text --new-file --color audiofile-0.3.6.old/sfcommands/printinfo.c audiofile-0.3.6.new/sfcommands/printinfo.c
+--- audiofile-0.3.6.old/sfcommands/printinfo.c 2013-03-06 13:30:03.000000000 +0800
++++ audiofile-0.3.6.new/sfcommands/printinfo.c 2025-04-30 15:18:24.778177640 +0800
+@@ -37,6 +37,7 @@
+ #include <stdint.h>
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <limits.h>
+
+ static char *copyrightstring (AFfilehandle file);
+
+@@ -147,7 +148,11 @@
+ int i, misccount;
+
+ misccount = afGetMiscIDs(file, NULL);
+- miscids = (int *) malloc(sizeof (int) * misccount);
++ if (!misccount)
++ return NULL;
++ miscids = (int *)calloc(misccount, sizeof(int));
++ if (!miscids)
++ return NULL;
+ afGetMiscIDs(file, miscids);
+
+ for (i=0; i<misccount; i++)
+@@ -159,13 +164,16 @@
+ If this code executes, the miscellaneous chunk is a
+ copyright chunk.
+ */
+- int datasize = afGetMiscSize(file, miscids[i]);
+- char *data = (char *) malloc(datasize);
++ size_t datasize = afGetMiscSize(file, miscids[i]);
++ if (datasize >= INT_MAX - 1)
++ goto error;
++ char *data = (char *)calloc(datasize + 1, sizeof(char));
+ afReadMisc(file, miscids[i], data, datasize);
+ copyright = data;
+ break;
+ }
+
++error:
+ free(miscids);
+
+ return copyright;
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-13147 https://nvd.nist.gov/vuln/detail/CVE-2022-24599 These patches are used by opensuse to mitigate the corresponding vulnerabulities. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- .../audiofile/audiofile_0.3.6.bb | 2 + .../audiofile/files/CVE-2019-13147.patch | 31 ++++++++++++ .../audiofile/files/CVE-2022-24599.patch | 50 +++++++++++++++++++ 3 files changed, 83 insertions(+) create mode 100644 meta-oe/recipes-multimedia/audiofile/files/CVE-2019-13147.patch create mode 100644 meta-oe/recipes-multimedia/audiofile/files/CVE-2022-24599.patch