oss-sec mailing list archives
Re: mpg123: global buffer overflow in III_i_stereo (layer3.c)
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Mon, 10 Jul 2017 19:04:37 -0700
It's hard to see a security issue here
I'm not sure this applies here, but the use of uninitialized memory can be an issue when, say, a website calls your code to convert user-controlled audio (e.g., to optimize it for streaming). For libraries, this could leak some information about the audio converted for other users, possibly revealing it to the attacker. For one-shot conversions with a command-line tool, this is unlikely, but the uninitialized memory could still end up leaking some system-specific secrets (e.g., ASLR memory layout, credentials, etc). Not that this is necessarily a risk here; depends on how much memory is accessed, what happens with it later on, whether anyone is even using the library / tool this way, whether doing so is sane in the first place, etc. /mz
Current thread:
- mpg123: global buffer overflow in III_i_stereo (layer3.c) Agostino Sarubbo (Jul 10)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Dr. Thomas Orgis (Jul 10)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Agostino Sarubbo (Jul 10)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Seth Arnold (Jul 10)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Kurt Seifried (Jul 10)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Michal Zalewski (Jul 10)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Kurt Seifried (Jul 10)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Dr. Thomas Orgis (Jul 11)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Jonas Thiem (Jul 11)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Dr. Thomas Orgis (Jul 11)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Dr. Thomas Orgis (Jul 10)