Date: Tue, 14 Mar 2017 23:00:26 +0100 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: audiofile: heap-based buffer overflow in MSADPCM::initializeCoefficients (MSADPCM.cpp) On Sun, Feb 26, 2017 at 11:45:35AM +0000, Agostino Sarubbo wrote: > ==6096==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61a00001f708 at pc 0x0000004bbc35 bp 0x7ffd65dbabf0 sp 0x7ffd65dba3a0 > READ of size 33872 at 0x61a00001f708 thread T0 > #0 0x4bbc34 in __asan_memcpy /tmp/portage/sys-devel/llvm-3.9.1/work/llvm-3.9.1.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:413 > #1 0x7efec209d7df in MSADPCM::initializeCoefficients() /tmp/portage/media-libs/audiofile-0.3.6-r3/work/audiofile-0.3.6/libaudiofile/modules/MSADPCM.cpp:369:3 > #2 0x7efec209d7df in MSADPCM::createDecompress(Track*, File*, bool, bool, long*) Agostino asked the list moderators to post to this thread that the above is CVE-2017-6827. Alexander P.S. Next time I'd prefer another moderator to handle this sort of requests, if any, since I don't care about CVEs much. I mostly care about security issues getting brought to this list, which was already the case.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ