Skip to content
Snippets Groups Projects

user/libmad: CVE-2018-7263: SIGABRT via crafted file

    • Closed Issue created by Emily @emily
    Bugzilla ID 122
    Alias(es) CVE-2018-7263
    Reporter Max Rees (sroracle)
    Assignee Max Rees (sroracle)
    Reported 2019-07-29 03:24:15 -0500
    Modified 2020-09-17 01:12:12 -0500
    Status RESOLVED FIXED
    Version 1.0-BETA3
    Hardware Adélie Linux / All
    Importance --- / minor
    Package(s) user/libmad
    URL https://nvd.nist.gov/vuln/detail/CVE-2018-7263

    Description

    The mad_decoder_run() function in decoder.c in Underbit libmad through
    0.15.1b allows remote attackers to cause a denial of service (SIGABRT
    because of double free or corruption) or possibly have unspecified
    other impact via a crafted file. NOTE: this may overlap
    CVE-2017-11552.

    Edited

    Designs

      Child items ...

      2. Activity

      • Emily added SECURITY bugzilla labels

        added SECURITY bugzilla labels

      • Emily changed milestone to %1.0-BETA3

        changed milestone to %1.0-BETA3

      • Emily
        Emily @emily ·
        Author

        Comment 1 by "A. Wilcox (awilfox)" on 2020-09-17 01:12:12 -0500

        Debian and SuSE are pretty confident that this is NOTABUG.

        But Fedora did end up merging a patch to close this, even though libmad's API contract does not cover non-sanitised input. (tl;dr this CVE should apply to mpg321, not libmad.)

        So I "borrowed" their patch in a7f03fc5. Reproducer does not crash gwyn. Seems fixed to me.

      • Emily closed

        closed

      • Zach van Rijn changed title from CVE-2018-7263: user/libmad: SIGABRT via crafted file to user/libmad: CVE-2018-7263: SIGABRT via crafted file

        changed title from CVE-2018-7263: user/libmad: SIGABRT via crafted file to user/libmad: CVE-2018-7263: SIGABRT via crafted file

      Please register or sign in to reply