oss-sec mailing list archives
libmad: assertion failure in layer3.c
From: "Agostino Sarubbo" <ago () gentoo org>
Date: Mon, 1 May 2017 11:39:43 +0000
Description:
libmad stands for “M”peg “A”udio “D”ecoder library.

The same testcase provided in the article "libmad: heap-based buffer overflow in mad_layer_III (layer3.c)" is able to show an assertion failure if libmad was compiled with debug (--enable-debugging).

The complete output of the failure:

# madplay -v -i -o raw:out $FILE
madplay: /tmp/portage/media-libs/libmad-0.15.1b-r8/work/libmad-0.15.1b/layer3.c:2633: mad_layer_III: Assertion `stream->md_len + md_len - si.main_data_begin <= MAD_BUFFER_MDLEN' failed.

Affected version: 0.15.1b

Fixed version: N/A

Commit fix: N/A

Credit: This bug was discovered by Agostino Sarubbo of Gentoo.

CVE: CVE-2017-8372

Reproducer: https://github.com/asarubbo/poc/blob/master/00213-libmad-heapoverflow-mad_layer_III

Timeline:
2017-01-01: bug discovered and reported to upstream
2017-04-30: blog post about the issue
2017-05-01: CVE assigned

Note: This bug was found with American Fuzzy Lop.

Permalink: https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/

--
Agostino Sarubbo
Gentoo Linux Developer
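
Added example, not part of the original post and not libmad code: the condition from the assertion above, enforced as a run-time check that returns an error instead of relying on assert(), which is only compiled in with --enable-debugging. The names reservoir, reservoir_append, RESERVOIR_CAP and the RES_* codes are hypothetical, and the capacity value is constructed for the example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed capacity standing in for MAD_BUFFER_MDLEN (example value only). */
#define RESERVOIR_CAP 64

/* Hypothetical model of a decoder's main-data reservoir. */
struct reservoir {
    unsigned char data[RESERVOIR_CAP];
    size_t len;                 /* plays the role of stream->md_len */
};

enum { RES_OK = 0, RES_BAD_PTR = -1, RES_SHORT_INPUT = -2, RES_OVERFLOW = -3 };

/*
 * Append the part of this frame's main data not already covered by the
 * back-reference main_data_begin. md_len and main_data_begin are derived
 * from untrusted input, so every bound is checked at run time and the
 * check stays in place in builds without debugging enabled.
 */
int reservoir_append(struct reservoir *r, const unsigned char *src,
                     size_t src_avail, size_t md_len, size_t main_data_begin)
{
    size_t copy;

    if (main_data_begin > r->len)
        return RES_BAD_PTR;     /* back-reference reaches before held data */
    if (md_len <= main_data_begin)
        return RES_OK;          /* nothing new to store */

    copy = md_len - main_data_begin;
    if (copy > src_avail)
        return RES_SHORT_INPUT; /* would read past the input buffer */
    /* Assertion condition, rearranged so it cannot wrap:
       len + md_len - main_data_begin <= CAP  <=>  copy <= CAP - len */
    if (copy > RESERVOIR_CAP - r->len)
        return RES_OVERFLOW;    /* would write past the reservoir */

    memcpy(r->data + r->len, src, copy);
    r->len += copy;
    return RES_OK;
}
```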