Date: Mon, 1 May 2017 11:39:43 +0000
From: "Agostino Sarubbo" <ago@...too.org>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: libmad: assertion failure in layer3.c

Description:
libmad stands for “M”peg “A”udio “D”ecoder library.

The same testcase provided in the article: libmad: heap-based buffer overflow in mad_layer_III (layer3.c) is able to show an assertion failure if libmad was compiled with debug (--enable-debugging).

The complete output of the failure:

# madplay -v -i -o raw:out $FILE
madplay: /tmp/portage/media-libs/libmad-0.15.1b-r8/work/libmad-0.15.1b/layer3.c:2633: mad_layer_III: Assertion `stream->md_len + md_len - si.main_data_begin <= MAD_BUFFER_MDLEN' failed.

Affected version:
0.15.1b

Fixed version:
N/A

Commit fix:
N/A

Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.

CVE:
CVE-2017-8372

Reproducer:
https://github.com/asarubbo/poc/blob/master/00213-libmad-heapoverflow-mad_layer_III

Timeline:
2017-01-01: bug discovered and reported to upstream
2017-04-30: blog post about the issue
2017-05-01: CVE assigned

Note:
This bug was found with American Fuzzy Lop.

Permalink:
https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/

--
Agostino Sarubbo
Gentoo Linux Developer

