[Bug 201778] audio/sox: Multiple memory corruption vulnerabilities in SoX 14.4.2
bugzilla-noreply at freebsd.org
Thu Jul 23 00:25:19 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201778
Bug ID: 201778
Summary: audio/sox: Multiple memory corruption vulnerabilities in SoX 14.4.2
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: jason.unovitch at gmail.com
CC: dnelson at allantgroup.com
Flags: maintainer-feedback?(dnelson at allantgroup.com)
From the Google Security Team:
I would like to report publicly new memory corruption vulnerabilities in
the latest SoX, 14.4.2 - these have been reported in April 2015 through
oCERT, but they have notified me they still haven't received a response
from upstream.
Please see this shared folder, visible to anybody with the link:
https://drive.google.com/folderview?id=0B52EFul-UCEIflZhcjlrRGlqcWdER2xJZWR4dmVUQ1RaRGl6a09sbVdGYjg2MER6OHl3aUU&usp=sharing
The write heap buffer overflows are related to ADPCM handling in WAV files,
while the read heap buffer overflow is while opening a .VOC.
For each crash, you have the input file and a .txt with the ASAN output.
Thanks,
Michele Spagnuolo
Google Security Team
Reference: http://seclists.org/oss-sec/2015/q3/167
--
You are receiving this mail because:
You are the assignee for the bug.