oss-sec mailing list archives
libming: listmp3: left shift in listmp3.c
From: Agostino Sarubbo <ago () gentoo org>
Date: Wed, 09 Nov 2016 15:50:38 +0100
If it is suitable for a CVE please assign one. Thanks. Description: libming is a Flash (SWF) output library. It can be used from PHP, Perl, Ruby, Python, C, C++, Java, and probably more on the way.. A fuzzing revealed a left shift in listmp3. The bug does not reside in any shared object but if you have a web application that calls directly the listmp3 binary to parse untrusted mp3, then you are affected. The complete UBSan output: # listmp3 $FILE listmp3.c:94:23: runtime error: left shift of negative value -1 listmp3.c:95:23: runtime error: left shift of negative value -1 Affected version: 0.4.7 Fixed version: N/A Commit fix: N/A Credit: This bug was discovered by Agostino Sarubbo of Gentoo. CVE: N/A Reproducer: https://github.com/asarubbo/poc/blob/master/00046-libming-leftshift-listmp3_c Timeline: 2016-08-13: bug discovered 2016-10-20: bug reported to upstream 2016-11-09: blog post about the issue Note: This bug was found with American Fuzzy Lop. Permalink: https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-left-shift-in-listmp3-c
Current thread:
- libming: listmp3: left shift in listmp3.c Agostino Sarubbo (Nov 09)
- Re: libming: listmp3: left shift in listmp3.c cve-assign (Nov 10)