* Re: Bug#881121: sox: null pointer dereference while running sox [not found] <151010671220.5921.12524514333112429556.reportbug@yuweol> @ 2017-11-18 21:54 ` Eric Wong 0 siblings, 0 replies; only message in thread From: Eric Wong @ 2017-11-18 21:54 UTC (permalink / raw) To: Joonun Jang, 881121; +Cc: Mans Rullgard, sox-devel Joonun Jang <joonun.jang@gmail.com> wrote: > Package: sox > Version: 14.4.1-5+b2 > Severity: normal > Tags: security > > null pointer dereference while running sox with "poc.aiff output.aiff speed 1.027" option > > Running 'sox poc.aiff output.aiff speed 1.027' with the attached file raises null pointer dereference > which may allow a remote attack to cause a denial-of-service attack > I expected the program to terminate without segfault, but the program crashes as follow Thanks for the report, Mans fixed this the other day on the sox-devel list: https://public-inbox.org/sox-devel/20171109114554.16297-1-mans@mansr.com/raw Also pushed as commit c9a48c055398f171128573bbeab4e4de4c761058 in my unofficial "pu" (potential updates) branch @ https://bogomips.org/sox.git ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ SoX-devel mailing list SoX-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sox-devel ^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2017-11-18 21:55 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <151010671220.5921.12524514333112429556.reportbug@yuweol>
2017-11-18 21:54 ` Bug#881121: sox: null pointer dereference while running sox Eric Wong
Code repositories for project(s) associated with this public inbox https://80x24.org/mirrors/sox.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).