Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 14 Mar 2017 23:00:26 +0100
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: audiofile: heap-based buffer overflow in MSADPCM::initializeCoefficients (MSADPCM.cpp)

On Sun, Feb 26, 2017 at 11:45:35AM +0000, Agostino Sarubbo wrote:
> ==6096==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61a00001f708 at pc 0x0000004bbc35 bp 0x7ffd65dbabf0 sp 0x7ffd65dba3a0
> READ of size 33872 at 0x61a00001f708 thread T0
>     #0 0x4bbc34 in __asan_memcpy /tmp/portage/sys-devel/llvm-3.9.1/work/llvm-3.9.1.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:413
>     #1 0x7efec209d7df in MSADPCM::initializeCoefficients() /tmp/portage/media-libs/audiofile-0.3.6-r3/work/audiofile-0.3.6/libaudiofile/modules/MSADPCM.cpp:369:3
>     #2 0x7efec209d7df in MSADPCM::createDecompress(Track*, File*, bool, bool, long*)

Agostino asked the list moderators to post to this thread that the above
is CVE-2017-6827.

Alexander

P.S. Next time I'd prefer another moderator to handle this sort of
requests, if any, since I don't care about CVEs much.  I mostly care
about security issues getting brought to this list, which was already
the case.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ