Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 23 Jul 2015 04:29:53 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: Multiple memory corruption vulnerabilities in SoX 14.4.2

On Wed, Jul 22, 2015 at 07:55:42PM +0200, Michele Spagnuolo wrote:
> I would like to report publicly new memory corruption vulnerabilities in
> the latest SoX, 14.4.2 - these have been reported in April 2015 through
> oCERT, but they have notified me they still haven't received a response
> from upstream.
> 
> Please see this shared folder, visible to anybody with the link:
> https://drive.google.com/folderview?id=0B52EFul-UCEIflZhcjlrRGlqcWdER2xJZWR4dmVUQ1RaRGl6a09sbVdGYjg2MER6OHl3aUU&usp=sharing
> 
> The write heap buffer overflows are related to ADPCM handling in WAV files,
> while the read heap buffer overflow is while opening a .VOC.
> 
> For each crash, you have the input file and a .txt with the ASAN output.

I'm not happy about use of external resources like Google Drive or
pastebin for crucial detail.  With Google Drive gone in some years from
now, your message would make little sense.  I understand that the .voc
file was a bit too large for attaching, and I dislike binary attachments
anyway, but at least I've attached the text files with ASAN backtraces,
as text/plain MIME type.  Ideally, you'd have proper analysis and even
smaller testcases rather than just this, but I understand that people's
time is limited.  So whatever we have... but at least we should have it
archived in here.

Alexander

View attachment "asan_heap-oob_53faf1_785_GOTTASAY.txt" of type "text/plain" (1133 bytes)

View attachment "asan_heap-oob_73793c_6614_test_ima_adpcm.txt" of type "text/plain" (1439 bytes)

View attachment "asan_heap-oob_7391b4_8427_wav_ms_adpcm.txt" of type "text/plain" (1341 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ