14aa0f5ec1
This fix is integrated in Debian. The CVEs are not reported by pkg-stats because the NVD database has associated it to the sox_project:sox vendor/product CPE. This has been reported to NVD: https://lore.kernel.org/buildroot/20250517220322.4da9bdb3@windsurf/ Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Julien Olivain <ju.o@free.fr>
39 lines
1.2 KiB
Diff
39 lines
1.2 KiB
Diff
From 54455f59305d9ce94cc73100bc2dd542865fed4b Mon Sep 17 00:00:00 2001
|
|
From: Helmut Grohne <helmut@subdivi.de>
|
|
Date: Sat, 17 May 2025 22:33:16 +0200
|
|
Subject: [PATCH] hcom: validate dictsize
|
|
|
|
Bug: https://sourceforge.net/p/sox/bugs/350/
|
|
Bug: https://sourceforge.net/p/sox/bugs/352/
|
|
Bug-Debian: https://bugs.debian.org/1021133
|
|
Bug-Debian: https://bugs.debian.org/1021134
|
|
|
|
This patch fixes both CVE-2021-23159 and CVE-2021-23172.
|
|
|
|
Upstream: https://sourceforge.net/p/sox/bugs/350/
|
|
Upstream: https://sourceforge.net/p/sox/bugs/352/
|
|
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
|
---
|
|
src/hcom.c | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
diff --git a/src/hcom.c b/src/hcom.c
|
|
index 594c8706..9e8b03c6 100644
|
|
--- a/src/hcom.c
|
|
+++ b/src/hcom.c
|
|
@@ -141,6 +141,11 @@ static int startread(sox_format_t * ft)
|
|
return (SOX_EOF);
|
|
}
|
|
lsx_readw(ft, &dictsize);
|
|
+ if (dictsize == 0 || dictsize > 511)
|
|
+ {
|
|
+ lsx_fail_errno(ft, SOX_EHDR, "Implausible dictionary size in HCOM header");
|
|
+ return SOX_EOF;
|
|
+ }
|
|
|
|
/* Translate to sox parameters */
|
|
ft->encoding.encoding = SOX_ENCODING_HCOM;
|
|
--
|
|
2.49.0
|
|
|