Date: Thu, 23 Jul 2015 04:29:53 +0200 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: Multiple memory corruption vulnerabilities in SoX 14.4.2 On Wed, Jul 22, 2015 at 07:55:42PM +0200, Michele Spagnuolo wrote: > I would like to report publicly new memory corruption vulnerabilities in > the latest SoX, 14.4.2 - these have been reported in April 2015 through > oCERT, but they have notified me they still haven't received a response > from upstream. > > Please see this shared folder, visible to anybody with the link: > https://drive.google.com/folderview?id=0B52EFul-UCEIflZhcjlrRGlqcWdER2xJZWR4dmVUQ1RaRGl6a09sbVdGYjg2MER6OHl3aUU&usp=sharing > > The write heap buffer overflows are related to ADPCM handling in WAV files, > while the read heap buffer overflow is while opening a .VOC. > > For each crash, you have the input file and a .txt with the ASAN output. I'm not happy about use of external resources like Google Drive or pastebin for crucial detail. With Google Drive gone in some years from now, your message would make little sense. I understand that the .voc file was a bit too large for attaching, and I dislike binary attachments anyway, but at least I've attached the text files with ASAN backtraces, as text/plain MIME type. Ideally, you'd have proper analysis and even smaller testcases rather than just this, but I understand that people's time is limited. So whatever we have... but at least we should have it archived in here. Alexander View attachment "asan_heap-oob_53faf1_785_GOTTASAY.txt" of type "text/plain" (1133 bytes) View attachment "asan_heap-oob_73793c_6614_test_ima_adpcm.txt" of type "text/plain" (1439 bytes) View attachment "asan_heap-oob_7391b4_8427_wav_ms_adpcm.txt" of type "text/plain" (1341 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ