aacplusenc -- denial of service

ID 7801B1E1-99B4-42AC-AB22-7646235E7C16
Type freebsd
Reporter FreeBSD
Modified 2017-09-07T00:00:00


Gentoo developers report:

DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 allows remote attackers to cause a denial of service (invalid memory write, SEGV on unknown address 0x000000000030, and application crash) or possibly have unspecified other impact via a crafted .wav file, aka a NULL pointer dereference.