soundtouch: Multiple vulnerabilities (CVE-2018-17096, CVE-2018-17097, CVE-2018-17098)
CVE-2018-17096: Assertion failure in BPMDetect class in BPMDetect.cpp
The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli
Parviainen SoundTouch 2.0 allows remote attackers
to cause a denial of service (assertion failure and application exit),
as demonstrated by SoundStretch.
References:
https://gitlab.com/soundtouch/soundtouch/issues/14
https://github.com/TeamSeri0us/pocs/tree/master/soundtouch/2018\_09\_03
Patch:
https://gitlab.com/soundtouch/soundtouch/commit/a1c400eb2cff849c0e5f9d6916d69ffea3ad2c85
CVE-2018-17097: Out-of-bounds heap write in WavOutFile::write()
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0
allows remote attackers to cause
a denial of service (double free) or possibly have unspecified other
impact, as demonstrated by SoundStretch.
References:
https://github.com/TeamSeri0us/pocs/tree/master/soundtouch/2018\_09\_03
Patch:
https://gitlab.com/soundtouch/soundtouch/commit/7f594f8b7d10bbc16a4a31de8ec5a279af9c7378
CVE-2018-17098: Heap corruption in WavFileBase class in WavFile.cpp
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0
allows remote attackers to cause a denial of service
(heap corruption from size inconsistency) or possibly have unspecified
other impact, as demonstrated by SoundStretch.
References:
https://gitlab.com/soundtouch/soundtouch/issues/14
https://github.com/TeamSeri0us/pocs/tree/master/soundtouch/2018\_09\_03
Patch:
https://gitlab.com/soundtouch/soundtouch/commit/7f594f8b7d10bbc16a4a31de8ec5a279af9c7378
(from redmine: issue id 9880, created on 2019-01-21)
- Relations:
- child #9881 (closed)
- child #9882 (closed)