http://bugzilla.opensuse.org/show_bug.cgi?id=1036969

Bug ID: 1036969
Summary: VUL-1: libmad: assertion failure in layer3.c
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: mikhail.kasimov@gmail.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Created attachment 723246
  --> http://bugzilla.opensuse.org/attachment.cgi?id=723246&action=edit
00213-libmad-heapoverflow-mad_layer_III_reproducer

Ref: https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c...

================================================
Description:
libmad stands for “M”peg “A”udio “D”ecoder library.

The same testcase provided in the article: libmad: heap-based buffer overflow in mad_layer_III (layer3.c) is able to show an assertion failure if libmad was compiled with debug (--enable-debugging).

The complete output of the failure:

# madplay -v -i -o raw:out $FILE
madplay: /tmp/portage/media-libs/libmad-0.15.1b-r8/work/libmad-0.15.1b/layer3.c:2633: mad_layer_III: Assertion `stream->md_len + md_len - si.main_data_begin <= MAD_BUFFER_MDLEN' failed.

Affected version:
0.15.1b

Fixed version:
N/A

Commit fix:
N/A

Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.

CVE:
N/A

Reproducer:
https://github.com/asarubbo/poc/blob/master/00213-libmad-heapoverflow-mad_la...

Timeline:
2017-01-01: bug discovered and reported to upstream
2017-04-30: blog post about the issue

Note:
This bug was found with American Fuzzy Lop.
================================================

(open-)SUSE: https://software.opensuse.org/package/libmad

0.15.1b (TW, 42.{1,2}, multimedia:libs repo)
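Added example, not part of the original report and not libmad's code: a simplified model of a decoder appending frame payload to a fixed main-data buffer, enforcing the invariant from the assertion above as a run-time check, since assert() is compiled out when NDEBUG is defined. The struct, the function name append_main_data and the value given to MAD_BUFFER_MDLEN are assumptions made for this sketch; only the assertion expression comes from the report.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed value for this sketch; the real constant is defined by libmad. */
#define MAD_BUFFER_MDLEN 2567

/* Hypothetical, simplified stand-in for the decoder's main-data reservoir. */
struct reservoir {
    unsigned char main_data[MAD_BUFFER_MDLEN];
    size_t md_len;                      /* bytes currently buffered */
};

/* Append one frame's payload. Returns bytes copied, or -1 if rejected. */
long append_main_data(struct reservoir *r, const unsigned char *src,
                      size_t md_len, size_t main_data_begin)
{
    size_t n;

    if (main_data_begin > r->md_len)    /* back-pointer beyond buffered data */
        return -1;
    if (md_len <= main_data_begin)      /* frame contributes no new bytes */
        return 0;

    n = md_len - main_data_begin;
    /* Same invariant as the assertion in the report,
     *   r->md_len + md_len - main_data_begin <= MAD_BUFFER_MDLEN,
     * but checked in every build and rearranged so it cannot wrap. */
    if (n > MAD_BUFFER_MDLEN - r->md_len)
        return -1;

    memcpy(r->main_data + r->md_len, src, n);
    r->md_len += n;
    return (long)n;
}

int main(void)
{
    static unsigned char frame[4096];   /* constructed input, all zero bytes */
    struct reservoir r;

    memset(&r, 0, sizeof r);
    printf("%ld\n", append_main_data(&r, frame, 2400, 0));  /* accepted */
    printf("%ld\n", append_main_data(&r, frame, 700, 500)); /* rejected */
    return 0;
}
```

A frame that fails the check is dropped with an error return instead of reaching memcpy, so debug and non-debug builds behave the same on the malformed input.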