CVE-2020-23903 speex: divide by zero in read_samples() via crafted WAV file
parent a869d36b97
commit aea195d667
|
@ -0,0 +1 @@
|
||||||
|
18ebc3fa3236b4369509e9439acc32d0e864fa7f speex-1.2.0.tar.gz
|
|
@ -0,0 +1,14 @@
|
||||||
|
diff --git a/src/wav_io.c b/src/wav_io.c
|
||||||
|
index b51830158f4defb536a760c93a77567daf69a74b..09d62eb017bb48fe48fa1efcaa122719ef1fe39f 100644
|
||||||
|
--- a/src/wav_io.c
|
||||||
|
+++ b/src/wav_io.c
|
||||||
|
@@ -111,7 +111,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
|
||||||
|
stmp = le_short(stmp);
|
||||||
|
*channels = stmp;
|
||||||
|
|
||||||
|
- if (stmp>2)
|
||||||
|
+ if (stmp>2 || stmp<1)
|
||||||
|
{
|
||||||
|
fprintf (stderr, "Only mono and (intensity) stereo supported\n");
|
||||||
|
return -1;
|
||||||
|
|
|
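Review bot: in the read_wav_header() hunk, `*channels = stmp;` still runs before the new `stmp>2 || stmp<1` test, so on the `return -1` path the caller's out-parameter already holds the rejected value. Moving the assignment below the check, or confirming that every caller stops on -1 before it uses `*channels`, would keep a zero or negative count from reaching the division in read_samples() that the commit title names. The message "Only mono and (intensity) stereo supported" is now also printed for a count below 1; a separate message for an invalid channel count would make that rejection easier to diagnose.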
@ -1,7 +1,7 @@
|
||||||
Summary: A voice compression format (codec)
|
Summary: A voice compression format (codec)
|
||||||
Name: speex
|
Name: speex
|
||||||
Version: 1.2.0
|
Version: 1.2.0
|
||||||
Release: 10%{?dist}
|
Release: 11%{?dist}
|
||||||
License: BSD
|
License: BSD
|
||||||
URL: https://www.speex.org/
|
URL: https://www.speex.org/
|
||||||
Source0: https://downloads.xiph.org/releases/speex/%{name}-%{version}.tar.gz
|
Source0: https://downloads.xiph.org/releases/speex/%{name}-%{version}.tar.gz
|
||||||
|
@ -10,6 +10,8 @@ BuildRequires: gcc
|
||||||
BuildRequires: pkgconfig(ogg)
|
BuildRequires: pkgconfig(ogg)
|
||||||
BuildRequires: pkgconfig(speexdsp)
|
BuildRequires: pkgconfig(speexdsp)
|
||||||
|
|
||||||
|
Patch0: speex-CVE-2020-23903.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Speex is a patent-free compression format designed especially for
|
Speex is a patent-free compression format designed especially for
|
||||||
speech. It is specialized for voice communications at low bit-rates in
|
speech. It is specialized for voice communications at low bit-rates in
|
||||||
|
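Review bot: the added `Patch0: speex-CVE-2020-23903.patch` line has no comment saying where the patch comes from, and the patch file itself starts directly at `diff --git` with no header. A one-line comment above `Patch0:` naming the upstream commit or tracker entry would let a later maintainer tell whether the patch can be dropped when the package moves past 1.2.0.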
@ -35,6 +37,7 @@ speech. This package contains tools files and user's manual for %{name}.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
|
%patch0 -p1 -b.CVE-2020-23903
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure --disable-static --enable-binaries
|
%configure --disable-static --enable-binaries
|
||||||
|
@ -70,6 +73,10 @@ rm -f $RPM_BUILD_ROOT%{_docdir}/speex/manual.pdf
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Mar 24 2022 Tomas Korbar <tkorbar@redhat.com> - 1.2.0-11
|
||||||
|
- CVE-2020-23903 speex: divide by zero in read_samples() via crafted WAV file
|
||||||
|
- Resolves: CVE-2020-23903
|
||||||
|
|
||||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.0-10
|
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.0-10
|
||||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
Related: rhbz#1991688
|
Related: rhbz#1991688
|
||||||
|
|
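Review bot: in the new 1.2.0-11 changelog entry, `Resolves: CVE-2020-23903` repeats the CVE id already given in the line above it, whereas the previous entry points at a tracker (`Related: rhbz#1991688`). Pointing `Resolves:` at the tracking bug for this build would keep the entry consistent with the earlier one and give the change a reference that can be followed.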