Lucene search
Qflb.wu1337DAY-ID-28217HistoryAug 01, 2017 - 12:00 a.m.
libmad 0.15.1b - mp3 Memory Corruption Exploit
2017-08-0100:00:00
qflb.wu
0day.today
28
0.041 Low
EPSS
Percentile
91.2%
Exploit for linux platform in category dos / poc
libmad memory corruption vulnerability
================
Author : qflb.wu
===============
Introduction:
=============
libmad is a high-quality MPEG audio decoder capable of 24-bit output.
Affected version:
=====
0.15.1b
Vulnerability Description:
==========================
the mad_decoder_run function in decoder.c in libmad 0.15.1b can cause a denial of service(memory corruption) via a crafted mp3 file.
I found this bug when I test mpg321 0.3.2 which used the libmad library.
./mpg321 libmad_0.15.1b_memory_corruption.mp3
----debug info:----
Program received signal SIGABRT, Aborted.
0x00007ffff6bf7cc9 in __GI_raise ([email protected]=6)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff6bf7cc9 in __GI_raise ([email protected]=6)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff6bfb0d8 in __GI_abort () at abort.c:89
#2 0x00007ffff6c34394 in __libc_message ([email protected]=1,
[email protected]=0x7ffff6d42b28 "*** Error in `%s': %s: 0x%s ***\n")
at ../sysdeps/posix/libc_fatal.c:175
#3 0x00007ffff6c4066e in malloc_printerr (ptr=<optimized out>,
str=0x7ffff6d42c58 "double free or corruption (out)", action=1)
at malloc.c:4996
#4 _int_free (av=<optimized out>, p=<optimized out>, have_lock=0)
at malloc.c:3840
#5 0x00007ffff749ab43 in mad_decoder_run (
[email protected]=0x7fffffffbd20,
[email protected]=MAD_DECODER_MODE_SYNC) at decoder.c:559
#6 0x0000000000403d5d in main (argc=<optimized out>, argv=<optimized out>)
at mpg321.c:1092
(gdb)
POC:
libmad_0.15.1b_memory_corruption.mp3
CVE:
CVE-2017-11552
Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42409.zip
# 0day.today [2018-04-11] #Related
cve
cve
CVE-2017-11552
2017-08-01 13:29:00
CVE-2018-7263
2018-02-20 21:29:00
osv
osv
CVE-2017-11552
2017-08-01 13:29:00
CVE-2018-7263
2018-02-20 21:29:00
alpinelinux
alpinelinux
CVE-2017-11552
2017-08-01 13:29:00
CVE-2018-7263
2018-02-20 21:29:00
ubuntucve
ubuntucve
CVE-2017-11552
2017-08-01 00:00:00
CVE-2018-7263
2018-02-20 00:00:00
prion
prion
Memory corruption
2017-08-01 13:29:00
Double free
2018-02-20 21:29:00
exploitpack
exploitpack
libmad 0.15.1b - mp3 Memory Corruption
2017-08-01 00:00:00
debiancve
debiancve
CVE-2017-11552
2017-08-01 13:29:00
openvas
openvas
Mageia: Security Advisory (MGASA-2019-0078)
2022-01-28 00:00:00
Fedora Update for libmad FEDORA-2018-3b14abc9b0
2018-10-06 00:00:00
Fedora Update for libmad FEDORA-2018-4f9f4d26f0
2018-10-06 00:00:00
exploitdb
exploitdb
libmad 0.15.1b - 'mp3' Memory Corruption
2017-08-01 00:00:00
redhatcve
redhatcve
CVE-2018-7263
2019-05-14 12:08:48
rosalinux
rosalinux
Advisory ROSA-SA-2021-1877
2021-07-02 17:15:14
nessus
nessus
Fedora 27 : libmad (2018-3b14abc9b0)
2018-10-09 00:00:00
Fedora 28 : libmad (2018-4f9f4d26f0)
2019-01-03 00:00:00
Fedora 29 : libmad (2018-f8b87f9d12)
2019-01-03 00:00:00
mageia
mageia
Updated mad packages fix security vulnerability
2019-02-14 11:38:16
fedora
fedora
[SECURITY] Fedora 28 Update: libmad-0.15.1b-26.fc28
2018-10-05 17:11:52
[SECURITY] Fedora 29 Update: libmad-0.15.1b-26.fc29
2018-10-02 19:36:04
[SECURITY] Fedora 27 Update: libmad-0.15.1b-26.fc27
2018-10-05 15:59:12