Bug#480059: vorbis-tools vulnerable to CVE-2008-1686
Tomas Hoger
thoger at redhat.com
Fri May 9 06:58:20 UTC 2008
Hi Jamie!
I've noticed your USN-611-[123], which patch speex, vorbis-tools and
gstreamer plugins. However, I believe fix in libspeex/speex_header.c
should be sufficient to address this issue in all affected
applications, as they call speex_packet_to_header(). With patch
applied, it'll return NULL for malformed speex files and the mode check
in speexdec / ogg123 / ... is not reached at all. Or have I missed
anything?
skx, vorbis-tools do not embed whole speex library, only sample client
implementation code. Previous versions of speex required client to
perform part of the sanity checks (and many clients did not do that
properly), so the check was now moved directly to speex library.
HTH
--
Tomas Hoger
More information about the pkg-xiph-maint
mailing list