diff mbox series

[meta-oe,kirkstone,1/5] audiofile: mark CVE-2020-18781 as patched

Message ID 20251114194522.643069-1-skandigraun@gmail.com
State New
Headers show
Series [meta-oe,kirkstone,1/5] audiofile: mark CVE-2020-18781 as patched | expand

Commit Message

Gyorgy Sarvari Nov. 14, 2025, 7:45 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

Per [1] this CVE is already patched by commit [2].

This can be also verified with yocto build.

Running without this patch:
root@qemux86-64:~# sfconvert poc.wav output format wave
malloc(): corrupted top size
Aborted

Running with it:
root@qemux86-64:~# sfconvert poc.wav output format wave
Audio File Library: Bad number of coefficients [error 62]
Could not open file 'poc.wav' for reading.

[1] https://github.com/mpruett/audiofile/issues/56
[2] https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 68f55c158e15a5d35702ae5c730586001e487f86)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../files/0004-Always-check-the-number-of-coefficients.patch     | 1 +
 1 file changed, 1 insertion(+)
diff mbox series

Patch

diff --git a/meta-oe/recipes-multimedia/audiofile/files/0004-Always-check-the-number-of-coefficients.patch b/meta-oe/recipes-multimedia/audiofile/files/0004-Always-check-the-number-of-coefficients.patch
index 282f4c01b9..17a97163f5 100644
--- a/meta-oe/recipes-multimedia/audiofile/files/0004-Always-check-the-number-of-coefficients.patch
+++ b/meta-oe/recipes-multimedia/audiofile/files/0004-Always-check-the-number-of-coefficients.patch
@@ -17,6 +17,7 @@  CVE: CVE-2017-6832
 CVE: CVE-2017-6833
 CVE: CVE-2017-6835
 CVE: CVE-2017-6837
+CVE: CVE-2020-18781
 Upstream-Status: Inactive-Upstream [lastrelease: 2013]
 Signed-off-by: Peter Marko <peter.marko@siemens.com>
 ---