Date: Mon, 23 Jan 2017 19:38:03 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss security list <oss-security@...ts.openwall.com>
Subject: wavpack: multiple out of bounds memory reads

Hi,

Fuzzing wavpack led to the discovery of several invalid memory reads.

global buffer overread in read_code / read_words.c
https://sourceforge.net/p/wavpack/mailman/message/35557889/

heap out of bounds read in WriteCaffHeader / caff.c
https://sourceforge.net/p/wavpack/mailman/message/35561921/

heap out of bounds read in unreorder_channels / wvunpack.c
https://sourceforge.net/p/wavpack/mailman/message/35561939/

heap oob read in read_new_config_info / open_utils.c
https://sourceforge.net/p/wavpack/mailman/message/35561939/


All of them have been fixed with a single commit:
https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc

Wavpack 5.1.0 has been released and fixes all issues.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
