Bug#865909: faac: CVE-2017-9129 CVE-2017-9130
control: tags -1 +patch +fixed-upstream This has been fixed in upstream GIT. Please find attached the cumulated patch - Fabian faac_865909.patch Description: Binary data ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processed: Re: Bug#865909: faac: CVE-2017-9129 CVE-2017-9130
Processing control commands: > tags -1 +patch +fixed-upstream Bug #865909 {Done: Fabian Greffrath} [src:faac] faac: CVE-2017-9129 CVE-2017-9130 Ignoring request to alter tags of bug #865909 to the same tags previously set Bug #865909 {Done: Fabian Greffrath } [src:faac] faac: CVE-2017-9129 CVE-2017-9130 Added tag(s) fixed-upstream. -- 865909: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865909 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processed: Re: Bug#865909: faac: CVE-2017-9129 CVE-2017-9130
Processing control commands: > forwarded -1 https://sourceforge.net/p/faac/bugs/208/ Bug #865909 [src:faac] faac: CVE-2017-9129 CVE-2017-9130 Set Bug forwarded-to-address to 'https://sourceforge.net/p/faac/bugs/208/'. > tags -1 +patch Bug #865909 [src:faac] faac: CVE-2017-9129 CVE-2017-9130 Added tag(s) patch. -- 865909: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865909 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#865909: faac: CVE-2017-9129 CVE-2017-9130
control: forwarded -1 https://sourceforge.net/p/faac/bugs/208/ control: tags -1 +patchdiff --git a/frontend/main.c b/frontend/main.c index 60f687b..33e39b8 100644 --- a/frontend/main.c +++ b/frontend/main.c @@ -806,6 +806,13 @@ int main(int argc, char *argv[]) hEncoder = faacEncOpen(infile->samplerate, infile->channels, , ); +if (hEncoder == NULL) +{ +fprintf(stderr, "Couldn't open encoder instance for input file %s\n", audioFileName); +wav_close(infile); +return 1; +} + #ifdef HAVE_LIBMP4V2 if (container != MP4_CONTAINER && (ntracks || trackno || artist || title || album || year || art || diff --git a/libfaac/frame.c b/libfaac/frame.c index 5c203b2..94887ac 100644 --- a/libfaac/frame.c +++ b/libfaac/frame.c @@ -288,7 +288,7 @@ int FAACAPI faacEncSetConfiguration(faacEncHandle hpEncoder, hEncoder->srInfo->num_cb_short); /* load channel_map */ - for( i = 0; i < 64; i++ ) + for( i = 0; i < MAX_CHANNELS; i++ ) hEncoder->config.channel_map[i] = config->channel_map[i]; /* OK */ @@ -303,6 +303,9 @@ faacEncHandle FAACAPI faacEncOpen(unsigned long sampleRate, unsigned int channel; faacEncStruct* hEncoder; +if (numChannels > MAX_CHANNELS) + return NULL; + *inputSamples = FRAME_LEN*numChannels; *maxOutputBytes = (6144/8)*numChannels; @@ -342,7 +345,7 @@ faacEncHandle FAACAPI faacEncOpen(unsigned long sampleRate, hEncoder->config.shortctl = SHORTCTL_NORMAL; /* default channel map is straight-through */ - for( channel = 0; channel < 64; channel++ ) + for( channel = 0; channel < MAX_CHANNELS; channel++ ) hEncoder->config.channel_map[channel] = channel; /* signature.asc Description: This is a digitally signed message part ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#865909: faac: CVE-2017-9129 CVE-2017-9130
Source: faac Version: 1.28+cvs20151130-1 Severity: important Tags: security upstream Hi, the following vulnerabilities were published for faac. CVE-2017-9129[0]: | The wav_open_read function in frontend/input.c in Freeware Advanced | Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of | service (large loop) via a crafted wav file. CVE-2017-9130[1]: | The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio | Coder (FAAC) 1.28 allows remote attackers to cause a denial of service | (invalid memory read and application crash) via a crafted wav file. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-9129 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9129 [1] https://security-tracker.debian.org/tracker/CVE-2017-9130 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9130 [2] https://www.exploit-db.com/exploits/42207/ Regards, Salvatore ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers