Moderately critical

foobar2000 WAV File Processing Integer Overflow Vulnerability


Release Date:  2011-07-04    Views:  2,703

Secunia Advisory SA45141


Description


Luigi Auriemma has discovered a vulnerability in foobar2000, which can be exploited by malicious people to compromise a user's system.



Subject: foobar2000 WAV File Processing Integer Overflow Vulnerability

User Message
pojargeorge RE: foobar2000 WAV File Processing Integer Overflow Vulnerability
Member 4th Jul, 2011 22:35
Score: 0
Posts: 2
User Since: 4th Jul 2011
System Score: N/A
Location: RO
Last edited on 5th Jul, 2011 02:40
Peter Pawlowski (foobar2000 developer) clarification:

"Not Our Bug:
While the buffer size calculation part may produce incorrect results on malformed files, foobar2000 itself will never write outside allocated memory, and will also correctly tell the ACM codec what buffer size it has allocated - see ACMSTREAMHEADER::cbDstLength.
This may lead to a buffer overrun only in case of a buggy codec present on the system that writes past the output buffer size as specified by the application.

Either way this will be worked around with the next update (as a part of broken codec workarounds), thanks for posting this."

Source: http://www.hydrogenaudio.org/forums/index.php?s=&s...

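The clarification quoted above turns on two things: how a decoder derives an output buffer size from header fields that an attacker controls, and how that size is passed on to the codec (ACMSTREAMHEADER::cbDstLength is a 32-bit length). The following is an added C example written for this page; it is not foobar2000's code and not part of the advisory. The header struct, the field subset and every function name are assumptions made for illustration. It computes the PCM buffer size with overflow-checked 32-bit arithmetic, rejects header combinations that would wrap, validates the declared data chunk against the file, and shows the unchecked computation beside it for contrast.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical subset of a WAV "fmt " chunk (example code, not foobar2000's). */
typedef struct {
    uint16_t channels;
    uint16_t bits_per_sample;
    uint32_t data_bytes;      /* size the file claims for its "data" chunk */
} wav_fmt;

/* 32-bit multiply that reports overflow instead of wrapping. */
static bool mul_u32_checked(uint32_t a, uint32_t b, uint32_t *out)
{
    if (a != 0 && b > UINT32_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/* Unchecked size computation: wraps silently when header fields are malformed,
   so an attacker-chosen frame count can yield a tiny (even zero) buffer. */
uint32_t pcm_buffer_size_naive(const wav_fmt *f, uint32_t frames)
{
    return (uint32_t)f->channels * (f->bits_per_sample / 8u) * frames;
}

/* Checked version: returns false (and leaves *out untouched) for any header
   that is malformed or whose buffer size would not fit in a 32-bit length field. */
bool pcm_buffer_size(const wav_fmt *f, uint32_t frames, uint32_t *out)
{
    uint32_t bytes_per_frame;
    if (f->channels == 0 || f->bits_per_sample == 0 || f->bits_per_sample % 8 != 0)
        return false;
    if (!mul_u32_checked(f->channels, f->bits_per_sample / 8u, &bytes_per_frame))
        return false;
    return mul_u32_checked(bytes_per_frame, frames, out);
}

/* Sanity check on the declared data chunk: it must fit in the bytes that remain
   in the file and hold a whole number of sample frames. */
bool wav_data_chunk_ok(const wav_fmt *f, uint32_t remaining_file_bytes)
{
    uint32_t bytes_per_frame;
    if (!pcm_buffer_size(f, 1, &bytes_per_frame))
        return false;
    return f->data_bytes <= remaining_file_bytes && f->data_bytes % bytes_per_frame == 0;
}

int main(void)
{
    /* Constructed sample headers: the same sane format, but the second call uses
       a frame count chosen so the unchecked 32-bit product wraps to zero. */
    wav_fmt fmt = { 2, 16, 4000 };
    uint32_t n;

    if (pcm_buffer_size(&fmt, 1000, &n))
        printf("1000 frames: %u bytes (naive %u)\n", n, pcm_buffer_size_naive(&fmt, 1000));
    if (!pcm_buffer_size(&fmt, 0x40000000u, &n))
        printf("0x40000000 frames: rejected (naive would allocate %u bytes)\n",
               pcm_buffer_size_naive(&fmt, 0x40000000u));
    printf("data chunk consistent with file: %d\n", wav_data_chunk_ok(&fmt, 4000));
    return 0;
}
```

The design point is the one the quoted developer makes: the application owns the buffer size it allocates and must report that same value to the codec, so the size has to be computed without wrapping and the file rejected when it cannot be. Whatever a third-party codec then does with the reported length is outside the application's control, which is why the workaround for broken codecs is a separate concern.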
pojargeorge RE: foobar2000 WAV File Processing Integer Overflow Vulnerability
Member 27th Jul, 2011 09:23
Score: 0
Posts: 2
User Since: 4th Jul 2011
System Score: N/A
Location: RO
Fixed in FB2K 1.1.8 beta 1