[Bug 1036969] New: VUL-1: libmad: assertion failure in layer3.c
http://bugzilla.opensuse.org/show_bug.cgi?id=1036969 Bug ID: 1036969 Summary: VUL-1: libmad: assertion failure in layer3.c Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Created attachment 723246 --> http://bugzilla.opensuse.org/attachment.cgi?id=723246&action=edit 00213-libmad-heapoverflow-mad_layer_III_reproducer Ref: https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c... ================================================ Description: libmad stays for “M”peg “A”udio “D”ecoder library. The same testcase provided in the article: libmad: heap-based buffer overflow in mad_layer_III (layer3.c) is able to show an assertion failure if libmad was compiled with debug (–enable-debugging). The complete output of the failure: # madplay -v -i -o raw:out $FILE madplay: /tmp/portage/media-libs/libmad-0.15.1b-r8/work/libmad-0.15.1b/layer3.c:2633: mad_layer_III: Assertion `stream->md_len + md_len - si.main_data_begin <= MAD_BUFFER_MDLEN' failed. Affected version: 0.15.1b Fixed version: N/A Commit fix: N/A Credit: This bug was discovered by Agostino Sarubbo of Gentoo. CVE: N/A Reproducer: https://github.com/asarubbo/poc/blob/master/00213-libmad-heapoverflow-mad_la... Timeline: 2017-01-01: bug discovered and reported to upstream 2017-04-30: blog post about the issue Note: This bug was found with American Fuzzy Lop. ================================================ (open-)SUSE: https://software.opensuse.org/package/libmad 0.15.1b (TW, 42.{1,2}, multimedia:libs repo) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1036969 http://bugzilla.opensuse.org/show_bug.cgi?id=1036969#c1 Mikhail Kasimov <mikhail.kasimov@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|VUL-1: libmad: assertion |VUL-1: CVE-2017-8372: |failure in layer3.c |libmad: assertion failure | |in layer3.c Alias| |CVE-2017-8372 --- Comment #1 from Mikhail Kasimov <mikhail.kasimov@gmail.com> --- CVE-2017-8372: https://nvd.nist.gov/vuln/detail/CVE-2017-8372 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1036969 http://bugzilla.opensuse.org/show_bug.cgi?id=1036969#c2 Andreas Stieger <astieger@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |astieger@suse.com, | |crrodriguez@opensuse.org, | |davejplater@gmail.com, | |idonmez@suse.com, | |jengelh@inai.de, | |jjolly@suse.com, | |mseben@gmail.com, | |ohering@suse.com, | |pascal.bleser@opensuse.org, | |plinnell@opensuse.org, | |prusnak@opensuse.org, | |pth@suse.com, | |sbrabec@suse.com, | |seife@novell.slipkontur.de, | |sreeves@suse.com, | |tchvatal@suse.com, | |tiwai@suse.com, | |wstephenson@suse.com Component|Security |Security Version|Leap 42.2 |Current Assignee|security-team@suse.de |idonmez@suse.com Product|openSUSE Distribution |openSUSE Tumbleweed Target Milestone|--- |Current QA Contact|qa-bugs@suse.de |security-team@suse.de --- Comment #2 from Andreas Stieger <astieger@suse.com> --- libmad is not in the distribution, but submitted to Factory: https://build.opensuse.org/request/show/491354 multimedia:libs/libmad has no maintainer set. Security team requests that project maintainers please set one. Assigning to last involved project maintainer. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1036969 Jan Engelhardt <jengelh@inai.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC|jengelh@inai.de | -- You are receiving this mail because: You are on the CC list for the bug.
participants (2)
-
bugzilla_noreply@novell.com -
bugzilla_noreply@suse.com