diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2023-32627.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2023-32627.patch new file mode 100644 index 0000000000..b4e9994eab --- /dev/null +++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2023-32627.patch @@ -0,0 +1,30 @@ +From b0b7e7fa7a48485c4d6b0ae64bfddedd519716f5 Mon Sep 17 00:00:00 2001 +From: =?utf-8?q?Bastien_Roucari=C3=A8s?= +Date: Sun, 16 Mar 2025 23:25:15 +0100 +Subject: [PATCH] CVE-2023-32627 Filter null sampling rate in VOC coder + +Source: https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/14.4.2+git20190427-1+deb10u3/debian/patches/0028-CVE-2023-32627-Filter-null-sampling-rate-in-VOC-code.patch + +CVE: CVE-2023-32627 +Upstream-Status: Inactive-Upstream [lastrelease: 2015] +Signed-off-by: Peter Marko +--- + src/voc.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/voc.c b/src/voc.c +index 0ca07f94..d8b982c5 100644 +--- a/src/voc.c ++++ b/src/voc.c +@@ -353,6 +353,11 @@ static size_t read_samples(sox_format_t * ft, sox_sample_t * buf, + v->block_remaining = 0; + return done; + } ++ if(uc == 0) { ++ lsx_fail_errno(ft, EINVAL, "invalid rate value"); ++ v->block_remaining = 0; ++ return done; ++ } + *buf = SOX_UNSIGNED_8BIT_TO_SAMPLE(uc,); + lsx_adpcm_init(&v->adpcm, 6 - v->size, SOX_SAMPLE_TO_SIGNED_16BIT(*buf, ft->clips)); + ++buf; diff --git a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb index 94072cb35a..7856407c67 100644 --- a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb +++ b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb @@ -35,6 +35,7 @@ SRC_URI = "git://git.code.sf.net/p/sox/code;protocol=https;branch=master \ file://CVE-2021-40426.patch \ file://CVE-2022-31650.patch \ file://CVE-2022-31651.patch \ + file://CVE-2023-32627.patch \ " # last release was in 2015, use latest hash from 2024-05-30