oss-sec mailing list archives
wavpack: multiple out of bounds memory reads
From: Hanno Böck <hanno () hboeck de>
Date: Mon, 23 Jan 2017 19:38:03 +0100
Hi, Fuzzing wavpack led to the discoverey of several invalid memory reads. global buffer overread in read_code / read_words.c https://sourceforge.net/p/wavpack/mailman/message/35557889/ heap out of bounds read in WriteCaffHeader / caff.c https://sourceforge.net/p/wavpack/mailman/message/35561921/ heap out of bounds read in unreorder_channels / wvunpack.c https://sourceforge.net/p/wavpack/mailman/message/35561939/ heap oob read in read_new_config_info / open_utils.c https://sourceforge.net/p/wavpack/mailman/message/35561939/ All of them have been fixed with a single commit: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc Wavpack 5.1.0 has been released and fixes all issues. -- Hanno Böck https://hboeck.de/ mail/jabber: hanno () hboeck de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
Current thread:
- wavpack: multiple out of bounds memory reads Hanno Böck (Jan 23)
- Re: wavpack: multiple out of bounds memory reads cve-assign (Jan 28)