git: 5ee341871994 - main - security/vuxml: Document libsndfile vulnerability
Date: Wed, 08 Nov 2023 22:30:28 UTC
The branch main has been updated by diizzy:
URL: https://cgit.FreeBSD.org/ports/commit/?id=5ee3418719947dd836ddd420c20c7d948ac4c01a
commit 5ee3418719947dd836ddd420c20c7d948ac4c01a
Author: Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2023-11-08 22:29:16 +0000
Commit: Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2023-11-08 22:29:20 +0000
security/vuxml: Document libsndfile vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2022-33065
---
security/vuxml/vuln/2023.xml | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 3637937e4807..b609656891da 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,32 @@
+ <vuln vid="4ade0c4d-7e83-11ee-9a8c-00155d01f201">
+ <topic>libsndfile_project -- Integer overflow in dataend calculation</topic>
+ <affects>
+ <package>
+ <name>libsndfile</name>
+ <range><lt>1.2.2_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>cve@mitre.org reports:</p>
+ <blockquote cite="https://github.com/libsndfile/libsndfile/issues/789">
+ <p>Multiple signed integers overflow in function au_read_header in
+ src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c
+ in Libsndfile, allows an attacker to cause Denial of Service or
+ other unspecified impacts.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2022-33065</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2022-33065</url>
+ </references>
+ <dates>
+ <discovery>2023-07-18</discovery>
+ <entry>2023-11-08</entry>
+ </dates>
+ </vuln>
+
<vuln vid="77fc311d-7e62-11ee-8290-a8a1599412c6">
<topic>chromium -- security update</topic>
<affects>
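Review bot: The <topic> of the new entry is prefixed with "libsndfile_project", but the affected <name> is libsndfile; the topic should use the package name so it matches the <affects> block, e.g. "libsndfile -- Integer overflow in dataend calculation". The topic is also narrower than the quoted text, which describes multiple signed integer overflows in au_read_header, mat4_open and mat4_read_header, so something like "multiple signed integer overflows" would match the description better. The blockquote cites https://github.com/libsndfile/libsndfile/issues/789 while attributing the text to cve@mitre.org, and <references> lists only the NVD URL; adding the issue as a second <url> would make the source of the cite visible to readers. Finally, please confirm the <discovery> date of 2023-07-18 against the upstream report, given that the identifier is CVE-2022-33065.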