[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170123193803.4abc7401@pc1>
Date: Mon, 23 Jan 2017 19:38:03 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss security list <oss-security@...ts.openwall.com>
Subject: wavpack: multiple out of bounds memory reads
Hi,
Fuzzing wavpack led to the discoverey of several invalid memory reads.
global buffer overread in read_code / read_words.c
https://sourceforge.net/p/wavpack/mailman/message/35557889/
heap out of bounds read in WriteCaffHeader / caff.c
https://sourceforge.net/p/wavpack/mailman/message/35561921/
heap out of bounds read in unreorder_channels / wvunpack.c
https://sourceforge.net/p/wavpack/mailman/message/35561939/
heap oob read in read_new_config_info / open_utils.c
https://sourceforge.net/p/wavpack/mailman/message/35561939/
All of them have been fixed with a single commit:
https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc
Wavpack 5.1.0 has been released and fixes all issues.
--
Hanno Böck
https://hboeck.de/
mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
