Vorbis Tools oggenc 1.4.0 - '.wav' Denial of Service

Published: 31 Jul 2017 00:00:00
Reported by: qflb.wu
Type: exploitdb
Source: www.exploit-db.com

Vorbis Tools oggenc 1.4.0 memory allocation error DoS via crafted .wav file

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| 0day.today | Vorbis Tools oggenc 1.4.0 - .wav Denial of Service Exploit | 31 Jul 2017 00:00 | zdt |
| CNVD | Xiph.Org vorbis-tools 'wav_open' function denial of service vulnerability | 3 Aug 2017 00:00 | cnvd |
| CVE | CVE-2017-11331 | 31 Jul 2017 13:00 | cve |
| Cvelist | CVE-2017-11331 | 31 Jul 2017 13:00 | cvelist |
| Debian CVE | CVE-2017-11331 | 31 Jul 2017 13:00 | debiancve |
| EUVD | EUVD-2017-2965 | 7 Oct 2025 00:30 | euvd |
| exploitpack | Vorbis Tools oggenc 1.4.0 - .wav Denial of Service | 31 Jul 2017 00:00 | exploitpack |
| NVD | CVE-2017-11331 | 31 Jul 2017 13:29 | nvd |
| OSV | DEBIAN-CVE-2017-11331 | 31 Jul 2017 13:29 | osv |
| OSV | UBUNTU-CVE-2017-11331 | 31 Jul 2017 13:29 | osv |

vorbis-tools oggenc vulnerability
================
Author : qflb.wu
===============


Introduction:
=============
The Vorbis Tools package contains command-line tools useful for encoding, playing or editing files using the Ogg CODEC.


Affected version:
=====
1.4.0


Vulnerability Description:
==========================
The wav_open function in oggenc/audio.c in vorbis-tools 1.4.0 can cause a denial of service (memory allocation error) via a crafted wav file.


./oggenc vorbis-tools_1.4.0_oggenc_memory_allocation_error.wav -o out


==68126==WARNING: AddressSanitizer failed to allocate 0xffffffffffffbc00 bytes
==68126==AddressSanitizer's allocator is terminating the process instead of returning 0
==68126==If you don't like this behavior set allocator_may_return_null=1
==68126==AddressSanitizer CHECK failed: /build/buildd/llvm-toolchain-3.4-3.4/projects/compiler-rt/lib/sanitizer_common/sanitizer_allocator.cc:149 "((0)) != (0)" (0x0, 0x0)
    #0 0x46d41f in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/home/a/Downloads/vorbis-tools-1.4.0/oggenc/oggenc+0x46d41f)
    #1 0x472c81 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/home/a/Downloads/vorbis-tools-1.4.0/oggenc/oggenc+0x472c81)
    #2 0x4719c0 in __sanitizer::AllocatorReturnNull() (/home/a/Downloads/vorbis-tools-1.4.0/oggenc/oggenc+0x4719c0)
    #3 0x4674b6 in __interceptor_malloc (/home/a/Downloads/vorbis-tools-1.4.0/oggenc/oggenc+0x4674b6)
    #4 0x492896 in wav_open /home/a/Downloads/vorbis-tools-1.4.0/oggenc/audio.c:573
    #5 0x496d8e in open_audio_file /home/a/Downloads/vorbis-tools-1.4.0/oggenc/audio.c:86
    #6 0x485d0a in main /home/a/Downloads/vorbis-tools-1.4.0/oggenc/oggenc.c:256
    #7 0x7f6d9f8dcec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
    #8 0x47d55c in _start (/home/a/Downloads/vorbis-tools-1.4.0/oggenc/oggenc+0x47d55c)


    -----------------
wav->channel_permute = malloc(wav->channels * sizeof(int));
if (wav->channels <= 8)
   /* Where we know the mappings, use them. */
   memcpy(wav->channel_permute, wav_permute_matrix[wav->channels-1], 
           sizeof(int) * wav->channels);
else
   /* Use a default 1-1 mapping */
   for (i=0; i < wav->channels; i++)
       wav->channel_permute[i] = i;


return 1;


And the code didn't check the return value of malloc.
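
An added example, not code from the advisory or from vorbis-tools: one way to harden the allocation in the excerpt above by validating the channel count and checking malloc. It assumes the channel count is a signed 16-bit field, which is consistent with the request size in the AddressSanitizer report; `MAX_CHANNELS`, `raw_request_size` and `alloc_channel_permute` are hypothetical names, and only the default 1-1 mapping is built.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_CHANNELS 255 /* assumed sanity limit, not a vorbis-tools constant */

/* Size the unchecked expression from the excerpt asks malloc for when the
 * channel count is a signed 16-bit value (assumption): a negative count is
 * promoted to int and then converted to size_t, giving a huge request. */
size_t raw_request_size(short channels)
{
    return channels * sizeof(int);
}

/* Hardened allocation: validate the header field, check malloc, and only
 * then fill the map. Returns NULL on a bad count or allocation failure.
 * Only the default 1-1 mapping is built here. */
int *alloc_channel_permute(short channels)
{
    int *map;
    int i;

    if (channels <= 0 || channels > MAX_CHANNELS)
        return NULL;                 /* reject before sizing anything */
    map = malloc((size_t)channels * sizeof *map);
    if (map == NULL)
        return NULL;                 /* caller reports the error */
    for (i = 0; i < channels; i++)
        map[i] = i;
    return map;
}

int main(void)
{
    short samples[] = { 2, 0, -4352 };  /* constructed header values */
    size_t n;

    for (n = 0; n < sizeof samples / sizeof samples[0]; n++) {
        int *map = alloc_channel_permute(samples[n]);
        printf("channels=%d raw request=%#zx -> %s\n", samples[n],
               raw_request_size(samples[n]), map ? "mapped" : "rejected");
        free(map);
    }
    return 0;
}
```

A caller in the position of wav_open would treat a NULL result as a malformed file and return its failure code instead of continuing.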


POC:
vorbis-tools_1.4.0_oggenc_memory_allocation_error.wav
CVE:
CVE-2017-11331


Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42397.zip


Vulners AI Score: 5.4 (Medium risk)
CVSS 2: 4.3
CVSS 3.1: 5.5
EPSS: 0.01685