Les articles publiés sur le site
-
20 novembre 2014, par Erik de Castro Lopo
src/libFACL/stream_decoder.c : Fail safely to avoid a heap overflow.
A file provided by the reporters caused the stream decoder to write to
un-allocated heap space resulting in a segfault. The solution is to
error out (by returning false from read_residual_partitioned_rice_())
instead of trying to continue to decode.
Fixes: CVE-2014-9028
Reported-by: Michele Spagnuolo,
Google Security Team <mikispag@google.com>
- [DH] src/libFLAC/stream_decoder.c
-
18 novembre 2014, par Erik de Castro Lopo
src/libFLAC/stream_decoder.c : Fix buffer read overflow.
This is CVE-2014-8962.
Reported-by: Michele Spagnuolo,
Google Security Team <mikispag@google.com>
- [DH] src/libFLAC/stream_decoder.c
-
18 novembre 2014, par Erik de Castro Lopo
src/libFLAC/metadata_iterators.c : Remove bad asserts.
These asserts caused compile failures with -DDEBUG.
- [DH] src/libFLAC/metadata_iterators.c
-
16 novembre 2014, par Martijn van Beurden
libFLAC: fix more problems with new window functions
This fixes two problems with handling of out-of-bounds arguments
for the window functions, one of which involving an infinite loop
Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
- [DH] src/libFLAC/window.c
-
15 novembre 2014, par Erik de Castro Lopo
Improve description of encoding preset equivalents.
Patch-from: lvqcl <lvqcl.mail@gmail.com>
- [DH] man/flac.1
- [DH] man/flac.sgml
- [DH] src/flac/main.c
