[pkg-mad-maintainers] Bug#870406: Bug#870406: libmad: CVE-2017-11552
Kurt Roeckx
kurt at roeckx.be
Tue Aug 1 17:48:01 UTC 2017
On Tue, Aug 01, 2017 at 07:24:56PM +0200, Salvatore Bonaccorso wrote:
> Source: libmad
> Version: 0.15.1b-7
> Severity: important
> Tags: security upstream
>
> Hi,
>
> the following vulnerability was published for libmad.
>
> CVE-2017-11552[0]:
> | The mad_decoder_run function in decoder.c in libmad 0.15.1b allows
> | remote attackers to cause a denial of service (memory corruption) via a
> | crafted MP3 file.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
I guess you don't have any patch for this?
Kurt
More information about the pkg-mad-maintainers
mailing list