mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-08 05:09:24 +00:00
Code Issues Projects Releases Wiki Activity

taglib: fix CVE-2023-47466

Browse Source 
TagLib before 2.0 allows a segmentation violation and application crash
during tag writing via a crafted WAV file in which an id3 chunk is the
only valid chunk.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-47466

Upstream patch:
https://github.com/taglib/taglib/commit/dfa33bec0806cbb45785accb8cc6c2048a7d40cf

(From OE-Core rev: bcf0102e0e9ecf55106eafcc4c2ad8b2e7ad762b)

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Jiaying Song
2025-06-04 14:59:05 +08:00
committed by Steve Sakoman
parent 9a368c7b92
commit 179c5dc17f
2 changed files with 41 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-support/taglib/files/CVE-2023-47466.patch
+38
View File
@@ -0,0 +1,38 @@
From 41c1c2b3609fc542e357cc80185d90a9a6fccc1a Mon Sep 17 00:00:00 2001
From: Urs Fleisch <ufleisch@users.sourceforge.net>
Date: Sun, 5 Nov 2023 14:40:18 +0100
Subject: [PATCH] Fix crash with invalid WAV files (#1163) (#1164)
With specially crafted WAV files having the "id3 " chunk as the
only valid chunk, when trying to write the tags, the existing
"id3 " chunk is removed, and then vector::front() is called on
the now empty chunks vector.
Now it is checked if the vector is empty to avoid the crash.
CVE: CVE-2023-47466
Upstream-Status: Backport
[https://github.com/taglib/taglib/commit/dfa33bec0806cbb45785accb8cc6c2048a7d40cf]
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
---
taglib/riff/rifffile.cpp | 3 +++
1 file changed, 3 insertions(+)
diff --git a/taglib/riff/rifffile.cpp b/taglib/riff/rifffile.cpp
index 005551f..f615e6c 100644
--- a/taglib/riff/rifffile.cpp
+++ b/taglib/riff/rifffile.cpp
@@ -361,6 +361,9 @@ void RIFF::File::writeChunk(const ByteVector &name, const ByteVector &data,
void RIFF::File::updateGlobalSize()
{
+ if(d->chunks.empty())
+ return;
+
const Chunk first = d->chunks.front();
const Chunk last = d->chunks.back();
d->size = last.offset + last.size + last.padding - first.offset + 12;
--
2.34.1
meta/recipes-support/taglib/taglib_1.12.bb
+3 -1
View File
@@ -9,7 +9,9 @@ LIC_FILES_CHKSUM = "file://COPYING.LGPL;md5=4fbd65380cdd255951079008b364516c \
DEPENDS = "zlib"
SRC_URI = "http://taglib.github.io/releases/${BP}.tar.gz"
SRC_URI = "http://taglib.github.io/releases/${BP}.tar.gz \
file://CVE-2023-47466.patch \
"
SRC_URI[md5sum] = "4313ed2671234e029b7af8f97c84e9af"
SRC_URI[sha256sum] = "7fccd07669a523b07a15bd24c8da1bbb92206cb19e9366c3692af3d79253b703"