Vulners
Lucene search
libmad 0.15.1b - mp3 Memory Corruption Exploit
| Reporter | Title | Published | Views | Family All 32 |
|---|---|---|---|---|
 | CVE-2017-11552 | 1 Aug 201713:00 | – | alpinelinux |
 | libmad 'mad_decoder_run' function denial of service vulnerability | 3 Aug 201700:00 | – | cnvd |
 | CVE-2017-11552 | 1 Aug 201713:00 | – | cve |
 | CVE-2017-11552 | 1 Aug 201713:00 | – | cvelist |
 | CVE-2017-11552 | 1 Aug 201713:00 | – | debiancve |
 | libmad 0.15.1b - 'mp3' Memory Corruption | 1 Aug 201700:00 | – | exploitdb |
 | EUVD-2017-3168 | 7 Oct 202500:30 | – | euvd |
 | libmad 0.15.1b - mp3 Memory Corruption | 1 Aug 201700:00 | – | exploitpack |
 | [SECURITY] Fedora 27 Update: libmad-0.15.1b-26.fc27 | 5 Oct 201815:59 | – | fedora |
| [SECURITY] Fedora 29 Update: libmad-0.15.1b-26.fc29 | 2 Oct 201819:36 | – | fedora |
10
libmad memory corruption vulnerability
================
Author : qflb.wu
===============
Introduction:
=============
libmad is a high-quality MPEG audio decoder capable of 24-bit output.
Affected version:
=====
0.15.1b
Vulnerability Description:
==========================
the mad_decoder_run function in decoder.c in libmad 0.15.1b can cause a denial of service(memory corruption) via a crafted mp3 file.
I found this bug when I test mpg321 0.3.2 which used the libmad library.
./mpg321 libmad_0.15.1b_memory_corruption.mp3
----debug info:----
Program received signal SIGABRT, Aborted.
0x00007ffff6bf7cc9 in __GI_raise ([email protected]=6)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff6bf7cc9 in __GI_raise ([email protected]=6)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff6bfb0d8 in __GI_abort () at abort.c:89
#2 0x00007ffff6c34394 in __libc_message ([email protected]=1,
[email protected]=0x7ffff6d42b28 "*** Error in `%s': %s: 0x%s ***\n")
at ../sysdeps/posix/libc_fatal.c:175
#3 0x00007ffff6c4066e in malloc_printerr (ptr=<optimized out>,
str=0x7ffff6d42c58 "double free or corruption (out)", action=1)
at malloc.c:4996
#4 _int_free (av=<optimized out>, p=<optimized out>, have_lock=0)
at malloc.c:3840
#5 0x00007ffff749ab43 in mad_decoder_run (
[email protected]=0x7fffffffbd20,
[email protected]=MAD_DECODER_MODE_SYNC) at decoder.c:559
#6 0x0000000000403d5d in main (argc=<optimized out>, argv=<optimized out>)
at mpg321.c:1092
(gdb)
POC:
libmad_0.15.1b_memory_corruption.mp3
CVE:
CVE-2017-11552
Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42409.zip
# 0day.today [2018-04-11] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Aug 2017 00:00Current
0.1Low risk
Vulners AI Score0.1
EPSS0.0875