Bug#876780: libvorbis: CVE-2017-14160
Petter Reinholdtsen
pere at hungry.com
Mon Sep 25 22:24:14 UTC 2017
[Salvatore Bonaccorso]
> the following vulnerability was published for libvorbis.
Thank you for following up on this. I hope a fix shows up from upstream
for this and other security issues. :)
I was just told on #xiph that this issue also might affect speex:
<daddesio> rillian: speex may also be affected by that
bark_noise_hybridmp bug (CVE-2017-14160) since it includes that very
same function, via vorbis_psy.c.
<daddesio> see:
https://git.xiph.org/?p=speex.git;a=blob;f=libspeex/vorbis_psy.c;h=cb385b7a349486a09a3db20adf225100993111c5;hb=HEAD#l189
I have not verified that this is the case, but thought it best to
mention it here until someone has time to check it out.
--
Happy hacking
Petter Reinholdtsen
More information about the pkg-xiph-maint
mailing list