libmad: Multiple vulnerabilities (CVE-2017-8372, CVE-2017-8373, CVE-2017-8374)
CVE-2017-8372: The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file.
References:
http://openwall.com/lists/oss-security/2017/05/01/7
https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/
CVE-2017-8373: The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.
References:
http://openwall.com/lists/oss-security/2017/05/01/8
https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/
CVE-2017-8374: The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.
References:
http://openwall.com/lists/oss-security/2017/05/01/9
https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_bit_skip-bit-c/
(from redmine: issue id 8905, created on 2018-05-18)
- Relations:
- copied_to #8906 (closed)
- copied_to #8907 (closed)
- copied_to #8908
- copied_to #8909 (closed)
- copied_to #8910
- child #8906 (closed)
- child #8907 (closed)
- child #8908
- child #8909 (closed)
- child #8910