Closed Frank-Z7 closed 12 months ago
Thanks for the report! Proposed fix at https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7
Thanks for the report! Proposed fix at https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7
my pleasure.
CVE-2023-43361 was assigned to this.
I did not had any involvement on the assignment.
Heap-buffer-overflow on vorbis-tools/oggenc
Description
We found a heap-buffer-overflow when vorbis-tools/oggenc converted wav files to ogg files. It should be noted that vorbis-tools(version 1.4.0-11) downloaded through apt-get may also trigger this vulnerability, which may endanger the system security of Debian users.
Version
vorbis-tools 1.4.2 is the latest version.
Reference
https://www.xiph.org/press/2021/vorbis-tools-1.4.2/
https://github.com/xiph/vorbis-tools
https://github.com/xiph/vorbis
https://xiph.org/vorbis/
Actual Behavior
Heap-buffer-overflow
PoC
https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/vorbis1poc
Reproduction
ASAN Log
Location
Environment
Credit
Zeng Yunxiang ([Huazhong University of Science and Technology](http://cse.hust.edu.cn/)) Song Jiaxuan