Re: audiofile: heap-based buffer overflow in MSADPCM::initializeCoefficients (MSADPCM.cpp)

[Solar Designer <solar () openwall com>]

On Sun, Feb 26, 2017 at 11:45:35AM +0000, Agostino Sarubbo wrote:
> ==6096==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61a00001f708 at pc 0x0000004bbc35 bp 
> 0x7ffd65dbabf0 sp 0x7ffd65dba3a0
> READ of size 33872 at 0x61a00001f708 thread T0
>     #0 0x4bbc34 in __asan_memcpy 
> /tmp/portage/sys-devel/llvm-3.9.1/work/llvm-3.9.1.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:413
>     #1 0x7efec209d7df in MSADPCM::initializeCoefficients() 
> /tmp/portage/media-libs/audiofile-0.3.6-r3/work/audiofile-0.3.6/libaudiofile/modules/MSADPCM.cpp:369:3
>     #2 0x7efec209d7df in MSADPCM::createDecompress(Track*, File*, bool, bool, long*)

Agostino asked the list moderators to post to this thread that the above
is CVE-2017-6827.

Alexander

P.S. Next time I'd prefer another moderator to handle this sort of
requests, if any, since I don't care about CVEs much.  I mostly care
about security issues getting brought to this list, which was already
the case.