Date: Mon, 1 May 2017 11:39:43 +0000 From: "Agostino Sarubbo" <ago@...too.org> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: libmad: assertion failure in layer3.c Description: libmad stays for “M”peg “A”udio “D”ecoder library. The same testcase provided in the article: libmad: heap-based buffer overflow in mad_layer_III (layer3.c) is able to show an assertion failure if libmad was compiled with debug (–enable-debugging). The complete output of the failure: # madplay -v -i -o raw:out $FILE madplay: /tmp/portage/media-libs/libmad-0.15.1b-r8/work/libmad-0.15.1b/layer3.c:2633: mad_layer_III: Assertion `stream->md_len + md_len - si.main_data_begin <= MAD_BUFFER_MDLEN' failed. Affected version: 0.15.1b Fixed version: N/A Commit fix: N/A Credit: This bug was discovered by Agostino Sarubbo of Gentoo. CVE: CVE-2017-8372 Reproducer: https://github.com/asarubbo/poc/blob/master/00213-libmad-heapoverflow-mad_layer_III Timeline: 2017-01-01: bug discovered and reported to upstream 2017-04-30: blog post about the issue 2017-05-01: CVE assigned Note: This bug was found with American Fuzzy Lop. Permalink: https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/ -- Agostino Sarubbo Gentoo Linux Developer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.