-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
global buffer overflow in printMP3Headers #75
Comments
Successfully reproduced vulnerability on latest master. As far as I am aware, this issue wasn't assigned a CVE id. I'll request one. |
For the record, this issue was assigned identifier CVE-2017-16898. |
Third byte = I'll submit a PR once we're done with #96. |
The printMP3Headers function in util/listmp3.c processes mp3 files without checking their bitrate values. This leads to bitrate_idx = 15 being used as index in mp2l23_bitrate_table[bitrate_idx] while mp2l23_bitrate_table has only 14 elements. In this commit we add a check rejecting mp3 files declaring invalid bitrates. This commit fixes CVE-2017-16898 (fixes: libming#75).
On libming latest version, a global buffer overflow was found in function printMP3Headers.
testcase : https://github.com/bestshow/p0cs/blob/master/global-buffer-overflow_in_printMP3Headers
Credit : ADLab of Venustech
The text was updated successfully, but these errors were encountered: