Bug ID 1036969
Summary VUL-1: libmad: assertion failure in layer3.c
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.2
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter mikhail.kasimov@gmail.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

Created attachment 723246 [details]
00213-libmad-heapoverflow-mad_layer_III_reproducer

Ref:
https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/
================================================
Description:
libmad stands for "M"peg "A"udio "D"ecoder library.

The same testcase provided in the article: libmad: heap-based buffer overflow
in mad_layer_III (layer3.c) is able to show an assertion failure if libmad was
compiled with debug (--enable-debugging).

The complete output of the failure:

# madplay -v -i -o raw:out $FILE
madplay:
/tmp/portage/media-libs/libmad-0.15.1b-r8/work/libmad-0.15.1b/layer3.c:2633:
mad_layer_III: Assertion `stream->md_len + md_len - si.main_data_begin <=
MAD_BUFFER_MDLEN' failed.

Affected version:
0.15.1b

Fixed version:
N/A

Commit fix:
N/A

Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.

CVE:
N/A

Reproducer:
https://github.com/asarubbo/poc/blob/master/00213-libmad-heapoverflow-mad_layer_III

Timeline:
2017-01-01: bug discovered and reported to upstream
2017-04-30: blog post about the issue

Note:
This bug was found with American Fuzzy Lop.
================================================

(open-)SUSE: https://software.opensuse.org/package/libmad

0.15.1b (TW, 42.{1,2}, multimedia:libs repo)
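
Added example (not libmad code and not part of the original report): the condition in the failed assertion, written as a runtime bounds check that stays active when assert() is compiled out. The struct, the function name and the MAD_BUFFER_MDLEN value are assumptions made for this sketch, as is the copy length of md_len - main_data_begin implied by the asserted expression.

```c
#include <stdio.h>
#include <string.h>

/* Assumed value for this sketch; the report names the macro but not its size. */
#define MAD_BUFFER_MDLEN 2567

/* Hypothetical stand-in for the decoder state referenced by the assertion. */
struct md_state {
    unsigned char main_data[MAD_BUFFER_MDLEN];
    unsigned int md_len;            /* bytes of main data already buffered */
};

/*
 * Append the new part of a frame's main data to the buffer.
 * Enforces  s->md_len + md_len - main_data_begin <= MAD_BUFFER_MDLEN
 * at run time, so the check does not vanish in builds without debugging.
 * Returns 0 on success, -1 if the copy would overrun main_data.
 */
int md_append_checked(struct md_state *s, const unsigned char *frame,
                      unsigned int md_len, unsigned int main_data_begin)
{
    unsigned int frame_used;

    if (s->md_len > MAD_BUFFER_MDLEN)
        return -1;                  /* state already inconsistent */
    if (md_len <= main_data_begin)
        return 0;                   /* nothing new to copy */

    frame_used = md_len - main_data_begin;
    /* Compare against the remaining room; avoids unsigned wrap-around
       that the additive form of the expression could hit. */
    if (frame_used > MAD_BUFFER_MDLEN - s->md_len)
        return -1;

    memcpy(s->main_data + s->md_len, frame, frame_used);
    s->md_len += frame_used;
    return 0;
}

int main(void)
{
    static struct md_state s;               /* zero-initialised */
    static unsigned char frame[4096];       /* constructed sample input */

    printf("fits:     %d\n", md_append_checked(&s, frame, 100, 0));
    printf("oversize: %d\n", md_append_checked(&s, frame, 3000, 10));
    printf("md_len:   %u\n", s.md_len);
    return 0;
}
```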

