Date: Mon, 23 Jan 2017 19:38:03 +0100 From: Hanno Böck <hanno@...eck.de> To: oss security list <oss-security@...ts.openwall.com> Subject: wavpack: multiple out of bounds memory reads Hi, Fuzzing wavpack led to the discoverey of several invalid memory reads. global buffer overread in read_code / read_words.c https://sourceforge.net/p/wavpack/mailman/message/35557889/ heap out of bounds read in WriteCaffHeader / caff.c https://sourceforge.net/p/wavpack/mailman/message/35561921/ heap out of bounds read in unreorder_channels / wvunpack.c https://sourceforge.net/p/wavpack/mailman/message/35561939/ heap oob read in read_new_config_info / open_utils.c https://sourceforge.net/p/wavpack/mailman/message/35561939/ All of them have been fixed with a single commit: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc Wavpack 5.1.0 has been released and fixes all issues. -- Hanno Böck https://hboeck.de/ mail/jabber: hanno@...eck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.