PT-2017-3721 · Mad · Libmad

Agostino Sarubbo · Published 2017-04-30 · Updated 2018-05-20 · CVE-2017-8374

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Libmad version 0.15.1b
Description: The issue is in the mad_bit_skip function in the bit.c file of the Libmad MPEG audio decoder. Processing a specially crafted audio file can cause a heap-based buffer over-read and an application crash, which allows a remote attacker to cause a denial of service.
Recommendations: For Libmad version 0.15.1b, consider avoiding the use of the mad_bit_skip function until a patch is available. As a temporary workaround, restrict the processing of audio files from untrusted sources to minimize the risk of exploitation.

Exploit

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2018-01490
CVE-2017-8374
DLA-1380-1
DSA-4192-1
MGASA-2018-0019
OPENSUSE-SU-2018:0527-1
OPENSUSE-SU-2018:0528-1
OPENSUSE-SU-2024:10954-1

Affected Products

Libmad