Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

libao 1.2.0 - Denial of Service

🗓️ 31 Jul 2017 00:00:00Reported by qflb.wuType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 32 Views

Libao 1.2.0 has a memory corruption vulnerability causing denial of service with crafted mp3 files.

Related
Code
ReporterTitlePublishedViews
Family
0day.today		libao 1.2.0 - Denial of Service Exploit
31 Jul 201700:00
zdt
AlpineLinux		CVE-2017-11548
31 Jul 201713:00
alpinelinux
CBLMariner		CVE-2017-11548 affecting package libao 1.2.0-24
12 Jan 202509:15
cbl_mariner
CNVD		Xiph.Org libao '_tokenize_matrix' function denial of service vulnerability
3 Aug 201700:00
cnvd
CVE		CVE-2017-11548
31 Jul 201713:00
cve
Cvelist		CVE-2017-11548
31 Jul 201713:00
cvelist
Debian CVE		CVE-2017-11548
31 Jul 201713:00
debiancve
EUVD		EUVD-2017-3164
7 Oct 202500:30
euvd
exploitpack		libao 1.2.0 - Denial of Service
31 Jul 201700:00
exploitpack
Fedora		[SECURITY] Fedora 28 Update: libao-1.2.0-13.fc28
4 Aug 201821:46
fedora
Rows per page
libao memory corruption vulnerability
================
Author : qflb.wu
===============


Introduction:
=============
Libao is a cross-platform audio library that allows programs to output audio using a simple API on a wide variety of platforms.


Affected version:
=====
1.2.0


Vulnerability Description:
==========================
the _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 can cause a denial of service(memory corruption) via a crafted mp3 file.


I found this bug when I test mpg321 0.3.2 which used the libao library.


./mpg321 libao_1.2.0_memory_corruption.mp3


----debug info:----
Program received signal SIGSEGV, Segmentation fault.
_int_malloc (av=av@entry=0x7ffff6f7f760 <main_arena>, bytes=bytes@entry=3)
    at malloc.c:3740
3740malloc.c: No such file or directory.
(gdb) bt
#0  _int_malloc (av=av@entry=0x7ffff6f7f760 <main_arena>, bytes=bytes@entry=3)
    at malloc.c:3740
#1  0x00007ffff6c442cc in __libc_calloc (n=<optimized out>, 
    elem_size=<optimized out>) at malloc.c:3219
#2  0x00007ffff728e189 in _tokenize_matrix () from /usr/local/lib/libao.so.4
#3  0x00007ffff728e607 in _matrix_to_channelmask ()
   from /usr/local/lib/libao.so.4
#4  0x00007ffff72906f2 in _open_device () from /usr/local/lib/libao.so.4
#5  0x000000000040a6aa in open_ao_playdevice (header=header@entry=0x624af8)
    at ao.c:411
#6  0x0000000000407e50 in output (data=<optimized out>, header=0x624af8, 
    pcm=0x627f44) at mad.c:974
#7  0x00007ffff749a85c in run_sync (decoder=0x7fffffffbc40) at decoder.c:439
#8  0x00007ffff749ab38 in mad_decoder_run (
    decoder=decoder@entry=0x7fffffffbc40, 
    mode=mode@entry=MAD_DECODER_MODE_SYNC) at decoder.c:557
#9  0x0000000000403d5d in main (argc=<optimized out>, argv=<optimized out>)
    at mpg321.c:1092
(gdb) 


POC:
libao_1.2.0_memory_corruption.mp3
CVE:
CVE-2017-11548


Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42400.zip

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
31 Jul 2017 00:00Current
5.4Medium risk
Vulners AI Score5.4
CVSS 24.3
CVSS 3.15.5
EPSS0.02008
libao vulnerability denial of service memory corruption affected version 1.2.0 proof of concept
32