Bug#1030049: opusfile: CVE-2022-47021

To: submit@bugs.debian.org
Subject: Bug#1030049: opusfile: CVE-2022-47021
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Mon, 30 Jan 2023 18:47:49 +0100
Message-id: <[🔎] Y9gCxcvy35MJJiFK@pisco.westfalen.local>
Reply-to: Moritz Mühlenhoff <jmm@inutil.org>, 1030049@bugs.debian.org

Source: opusfile
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for opusfile.

CVE-2022-47021[0]:
| A null pointer dereference issue was discovered in functions
| op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12
| allows attackers to cause denial of service or other unspecified
| impacts.

https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5
https://github.com/xiph/opusfile/issues/36

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-47021
    https://www.cve.org/CVERecord?id=CVE-2022-47021

Please adjust the affected versions in the BTS as needed.

Reply to:

Prev by Date: libigloo_0.9.2-1_source.changes ACCEPTED into unstable
Next by Date: Processed: found 1030050 in 2:6.1.7+dfsg-3, tagging 1030050, tagging 1030049 ..., found 1030049 in 0.12-3 ...
Previous by thread: libigloo_0.9.2-1_source.changes ACCEPTED into unstable
Next by thread: Processed: found 1030050 in 2:6.1.7+dfsg-3, tagging 1030050, tagging 1030049 ..., found 1030049 in 0.12-3 ...
Index(es):
- Date
- Thread