Codebase list faad2 / 1e1d447
changelog: add missing CVE identifiers and entries + add missing "fix crash with unsupported MP4 files" entry. + add missing CVE identifiers + refer to the "root" issue when describing security issues. In this case refering to the consequence (stack buffer overflow, NULL pointer dereference, etc.) makes less sense since there are numerous duplicates for each issue. Hugo Lefeuvre authored 4 years ago Hugo Lefeuvre committed 4 years ago
1 changed file(s) with 12 addition(s) and 11 deletion(s). Raw diff Collapse all Expand all
+12
-11
ChangeLog less more
2020 * ignoring .user files from Visual Studio
2121
2222 [ Hugo Lefeuvre ]
23 * CVE-2019-6956: Buffer over read in the function ps_mix_phase()
24 (libfaad/ps_dec.c) (Closes: #914641).
25 * CVE-2018-20196: Stack buffer overflow in the function calculate_gain
26 (libfaad/sbr_hfadj.c).
27 * CVE-2018-20199, CVE-2018-20360: NULL pointer dereference in the function
28 ifilter_bank (libfaad/filtbank.c).
29 * CVE-2018-20362: NULL pointer dereference vulnerability in the function
30 ifilter_bank (libfaad/filtbank.c:275).
31 * CVE-2018-20194: Stack buffer underflow in function
32 calculate_gain(libfaad/sbr_hfadj.c:1314).
23 * Fix crash with unsupported MP4 files (NULL pointer dereference,
24 division by zero)
25 * CVE-2019-6956: ps_dec: sanitize iid_index before mixing
26 * CVE-2018-20196: sbr_fbt: sanitize sbr->M (should not exceed MAX_M)
27 * CVE-2018-20199, CVE-2018-20360: specrec: better handle unexpected
28 parametric stereo (PS)
29 * CVE-2018-20362, CVE-2018-19504, CVE-2018-20195, CVE-2018-20198,
30 CVE-2018-20358: syntax.c: check for syntax element inconsistencies
31 * CVE-2018-20194, CVE-2018-19503, CVE-2018-20197, CVE-2018-20357,
32 CVE-2018-20359, CVE-2018-20361: sbr_hfadj: sanitize frequency band
33 borders
3334
3435 [ Hugo Beauzée-Luyssen ]
35 * Fix a couple buffer overflows
36 * CVE-2019-15296, CVE-2018-19502: Fix a couple buffer overflows
3637
3738 [ Filip Roséen ]
3839 * Add patch to prevent crash on SCE followed by CPE