Description
A segmentation fault vulnerability in alsa-lib v1.2.15.3. When snd_config_load_string() parses a crafted ALSA configuration text, the parser produces an inconsistent linked-list state during array/composite node handling, causing list_del() to access an uninitialized pointer and trigger a SEGV.
Impact
- Denial-of-service via process crash
- Any application processing untrusted ALSA configuration text is affected
Reproduction
All materials are available in my research repository:
https://github.com/eglonnnn/opensource-fuzz-vulnerability-research/tree/main/SEGV%20in%20alsa-lib%20snd_config_load_string
Description
A segmentation fault vulnerability in alsa-lib v1.2.15.3. When
snd_config_load_string()parses a crafted ALSA configuration text, the parser produces an inconsistent linked-list state during array/composite node handling, causinglist_del()to access an uninitialized pointer and trigger a SEGV.Impact
Reproduction
All materials are available in my research repository:
https://github.com/eglonnnn/opensource-fuzz-vulnerability-research/tree/main/SEGV%20in%20alsa-lib%20snd_config_load_string