Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 23 Jan 2017 19:38:03 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss security list <oss-security@...ts.openwall.com>
Subject: wavpack: multiple out of bounds memory reads

Hi,

Fuzzing wavpack led to the discoverey of several invalid memory reads.

global buffer overread in read_code / read_words.c
https://sourceforge.net/p/wavpack/mailman/message/35557889/

heap out of bounds read in WriteCaffHeader / caff.c
https://sourceforge.net/p/wavpack/mailman/message/35561921/

heap out of bounds read in unreorder_channels / wvunpack.c
https://sourceforge.net/p/wavpack/mailman/message/35561939/

heap oob read in read_new_config_info / open_utils.c
https://sourceforge.net/p/wavpack/mailman/message/35561939/


All of them have been fixed with a single commit:
https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc

Wavpack 5.1.0 has been released and fixes all issues.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.