stack buffer overflow while running wavpack #27
Thanks for filing this; I appreciate it! It should be fixed in d5bf76b. However, I do have a question. It is indicated that a remote attacker could exploit this issue. I am not a security expert by any measure, but I don't understand how that would happen. To exploit this an attacker would have to get a user to download a malicious WAV file and then have the user attempt to compress the file with the wavpack command-line program (which is not a default handler for any file type). Am I missing something?

That would be the attack scenario, I guess. I'm not sure if Joonun Jang had something else in mind as well.

Okay, cool, thanks for confirming my assumption. I'll get to the other two in a few days.

This issue has been assigned CVE-2018-6767
Forwarding a bug report we received in the Debian bug tracker (https://bugs.debian.org/889276):
stack buffer overflow running wavpack with "-y poc.wav" option
Running 'wavpack -y poc.wav' with the attached file raises a stack buffer overflow,
which may allow a remote attacker to cause unspecified impact, including a denial-of-service attack.
I expected the program to terminate without a segfault, but the program crashes as follows
This bug was found with a fuzzer developed by 'SoftSec' group at KAIST
poc.wav can be downloaded from https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=889276;filename=poc.wav;msg=5.