Security
CVE-2022-33064: UndefinedBehaviorSanitizer: index 100 out of bounds for type 'SF_CUE_POINT [100]' · Issue #832 · libsndfile/libsndfile

An off-by-one error in the function wav_read_header in src/wav.c in libsndfile 1.1.0 results in an out-of-bounds write, which allows an attacker to execute arbitrary code, cause a denial of service, or have other unspecified impact.

CVE
#dos #c++

**Describe the bug**

UndefinedBehaviorSanitizer: index 100 out of bounds for type 'SF_CUE_POINT [100]' in wav.c:524

**To Reproduce**

Built libsndfile using clang-10 according to the oss-fuzz script with CXXFLAGS='-O1 -fsanitize=address -fsanitize=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr'

commit: 4b01368

**UBSAN Output**

```
$ ./sndfile_alt_fuzzer id:000051,sig:06,src:002454+003908,time:5669051,op:splice,rep:8,trial:2
INFO: Seed: 3446105526
INFO: Loaded 1 modules   (33759 inline 8-bit counters): 33759 [0x8977c3, 0x89fba2), 
INFO: Loaded 1 PC tables (33759 PCs): 33759 [0x6f6b48,0x77a938), 
sndfile_alt_fuzzer: Running 1 inputs 1 time(s) each.
Running: id:000051,sig:06,src:002454+003908,time:5669051,op:splice,rep:8,trial:2
src/wav.c:524:8: runtime error: index 100 out of bounds for type 'SF_CUE_POINT [100]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/wav.c:524:8 in 
src/wav.c:525:8: runtime error: index 100 out of bounds for type 'SF_CUE_POINT [100]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/wav.c:525:8 in 
src/wav.c:526:8: runtime error: index 100 out of bounds for type 'SF_CUE_POINT [100]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/wav.c:526:8 in 
src/wav.c:527:8: runtime error: index 100 out of bounds for type 'SF_CUE_POINT [100]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/wav.c:527:8 in 
src/wav.c:528:8: runtime error: index 100 out of bounds for type 'SF_CUE_POINT [100]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/wav.c:528:8 in 
src/wav.c:529:8: runtime error: index 100 out of bounds for type 'SF_CUE_POINT [100]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/wav.c:529:8 in 
src/wav.c:530:8: runtime error: index 100 out of bounds for type 'SF_CUE_POINT [100]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/wav.c:530:8 in 
Executed id:000051,sig:06,src:002454+003908,time:5669051,op:splice,rep:8,trial:2 in 2 ms
```

testcase:
idx out of bound.zip
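The report above shows the sanitizer trace (seven consecutive stores to `cue_points[100]` of a 100-entry `SF_CUE_POINT` array) but not the parsing code. The example below is added here and is not libsndfile's code: it is a bounds-checked reader for the body of a WAV `cue ` chunk writing into a fixed 100-entry table shaped like the public `SF_CUES` struct (a count followed by `cue_points[100]`). The 24-byte cue record layout follows the WAV cue chunk format; the function names, `cue_table_t`, the constructed chunk bodies and the "lying header" cases are all assumptions made for illustration. The point it demonstrates is that the count field is attacker-controlled and must be compared against both the table capacity and the bytes actually present before the first write, with 100 being the largest count whose final write lands on index 99.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define CUE_CAPACITY    100u  /* same fixed bound as SF_CUE_POINT[100] in SF_CUES */
#define CUE_RECORD_SIZE 24u   /* six little-endian uint32 fields per WAV cue point */

/* Hypothetical table modeled on the SF_CUES shape: count + fixed array. */
typedef struct {
    uint32_t indx, position, fcc_chunk, chunk_start, block_start, sample_offset;
} cue_point_t;

typedef struct {
    uint32_t    cue_count;
    cue_point_t cue_points[CUE_CAPACITY];
} cue_table_t;

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse a 'cue ' chunk body (count + records) into a fixed table.
 * Returns the number of cue points stored, or -1 for a malformed chunk.
 * Both checks run before any store into out->cue_points, so no index
 * above CUE_CAPACITY - 1 is ever formed, whatever the header claims. */
int parse_cue_chunk(const uint8_t *body, size_t len, cue_table_t *out) {
    if (len < 4) return -1;
    uint32_t count = rd_le32(body);                 /* attacker-controlled */
    if (count > CUE_CAPACITY) return -1;            /* 100 is the last legal count */
    if (count > (len - 4) / CUE_RECORD_SIZE) return -1; /* divide: no multiply overflow */
    memset(out, 0, sizeof *out);
    out->cue_count = count;
    const uint8_t *p = body + 4;
    for (uint32_t i = 0; i < count; i++, p += CUE_RECORD_SIZE) {
        cue_point_t *c = &out->cue_points[i];      /* i <= 99 by construction */
        c->indx = rd_le32(p);          c->position    = rd_le32(p + 4);
        c->fcc_chunk = rd_le32(p + 8); c->chunk_start = rd_le32(p + 12);
        c->block_start = rd_le32(p + 16); c->sample_offset = rd_le32(p + 20);
    }
    return (int)count;
}

/* Build a constructed chunk body whose header claims `count` cue points but
 * actually carries `records` records (they differ to model a lying header).
 * Record i gets dwName = i + 1 so the test can see which entry was stored last. */
size_t build_cue_chunk(uint8_t *buf, size_t cap, uint32_t count, uint32_t records) {
    size_t need = 4 + (size_t)records * CUE_RECORD_SIZE;
    if (need > cap) return 0;
    buf[0] = (uint8_t)count; buf[1] = (uint8_t)(count >> 8);
    buf[2] = (uint8_t)(count >> 16); buf[3] = (uint8_t)(count >> 24);
    for (uint32_t i = 0; i < records; i++) {
        uint8_t *r = buf + 4 + (size_t)i * CUE_RECORD_SIZE;
        memset(r, 0, CUE_RECORD_SIZE);
        r[0] = (uint8_t)(i + 1);   /* dwName */
        r[4] = (uint8_t)(i * 2);   /* dwPosition (fits: i <= 100) */
    }
    return need;
}

/* Construct, parse, and report the parser's verdict; optionally return the
 * dwName of the last stored entry so the caller can see where writes stopped. */
int parse_constructed(uint32_t count, uint32_t records, uint32_t *last_indx) {
    static uint8_t buf[4 + (CUE_CAPACITY + 1) * CUE_RECORD_SIZE];
    cue_table_t table;
    size_t n = build_cue_chunk(buf, sizeof buf, count, records);
    if (n == 0) return -2;
    int rc = parse_cue_chunk(buf, n, &table);
    if (last_indx) *last_indx = rc > 0 ? table.cue_points[rc - 1].indx : 0;
    return rc;
}

uint32_t last_stored_indx(uint32_t count) {
    uint32_t li = 0;
    parse_constructed(count, count, &li);
    return li;
}

int main(void) {
    printf("count=3,   records=3   -> %d\n", parse_constructed(3, 3, NULL));
    printf("count=100, records=100 -> %d (last dwName %u)\n",
           parse_constructed(100, 100, NULL), last_stored_indx(100));
    printf("count=101, records=101 -> %d\n", parse_constructed(101, 101, NULL));
    printf("count=5,   records=2   -> %d\n", parse_constructed(5, 2, NULL));
    printf("count=0xFFFFFFFF, records=0 -> %d\n", parse_constructed(0xFFFFFFFFu, 0, NULL));
    return 0;
}
```

Compiled with the same `-fsanitize=array-bounds` flag used in the report, the capacity check is what keeps the sanitizer quiet for a header claiming 101 entries; the divide-based length check is what stops a huge count from passing a `count * 24` comparison after wraparound.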
