oss-sec mailing list archives
Re: CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2
From: Hanno Böck <hanno () hboeck de>
Date: Sat, 14 Feb 2015 13:30:32 +0100
Hi, On Fri, 13 Feb 2015 21:44:10 +0800 Zhenghao Hu <zhenghaohuu () gmail com> wrote:
Several bugs found in the latest libflac and libtta codec fuzzing with AFL ( http://lcamtuf.coredump.cx/afl/), working together with Nie Sen, from K33nTeam.
I think I haven't posted this here yet: Also recently fuzzed flac with afl and found something: https://git.xiph.org/?p=flac.git;a=commit;h=43ba7ad05f1656e885ce2f34a9a72494f45705ae https://sourceforge.net/p/flac/bugs/421/ Crashing sample is attached to the bug report. What happens is that flac does an malloc for the number of comments. If that fails due to an insane number of comments it'll fail, but it will still try to access the non-allocated memory. I think the upstream fix is not optimal - it limits the amount of allowed comments. That probably fixes this in most situations, but it still leaves problems, because it doesn't check for malloc failures. cu, -- Hanno Böck http://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Zhenghao Hu (Feb 13)
- Re: CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Hanno Böck (Feb 14)
- Re: CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Vasyl Kaigorodov (Feb 16)
- Re: CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Zhenghao Hu (Feb 16)
- Re: CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Zhenghao Hu (Feb 25)
- Re: CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Zhenghao Hu (Feb 16)