Date: Mon, 23 Jan 2017 19:38:03 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss security list <oss-security@...ts.openwall.com>
Subject: wavpack: multiple out of bounds memory reads

Hi,

Fuzzing wavpack led to the discovery of several invalid memory reads.

global buffer overread in read_code / read_words.c
https://sourceforge.net/p/wavpack/mailman/message/35557889/

heap out of bounds read in WriteCaffHeader / caff.c
https://sourceforge.net/p/wavpack/mailman/message/35561921/

heap out of bounds read in unreorder_channels / wvunpack.c
https://sourceforge.net/p/wavpack/mailman/message/35561939/

heap oob read in read_new_config_info / open_utils.c
https://sourceforge.net/p/wavpack/mailman/message/35561939/

All of them have been fixed with a single commit:
https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc

Wavpack 5.1.0 has been released and fixes all issues.

--
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42