Opened 7 years ago
Closed 7 years ago
#8787 closed enhancement (fixed)
opus-1.1.4
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | normal | Milestone: | 8.0 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version.
Change History (3)
comment:1 by , 7 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 7 years ago
Note:
See TracTickets
for help on using tickets.
This Opus 1.1.4 release fixes a single bug. A specially-crafted Opus packet could cause an integer wrap-around in the SILK LSF stabilization code. This would cause an out-of-bounds read 256 bytes before a constant table. In most circumstances, the consequences are harmless and the result is simply noise in the audio.
This was reported as CVE-2017-0381. Contrary to that report, our own analysis shows that no remote code execution is possible. However, we are making this release as a precaution.