From URL: Introduction: ============= Libao is a cross-platform audio library that allows programs to output audio using a simple API on a wide variety of platforms. Affected version: ===== 1.2.0 Vulnerability Description: ========================== the _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 can cause a denial of service(memory corruption) via a crafted mp3 file. I found this bug when I test mpg321 0.3.2 which used the libao library. ./mpg321 libao_1.2.0_memory_corruption.mp3 ----debug info:---- Program received signal SIGSEGV, Segmentation fault. _int_malloc (av=av@entry=0x7ffff6f7f760 <main_arena>, bytes=bytes@entry=3) at malloc.c:3740 3740malloc.c: No such file or directory. (gdb) bt #0 _int_malloc (av=av@entry=0x7ffff6f7f760 <main_arena>, bytes=bytes@entry=3) at malloc.c:3740 #1 0x00007ffff6c442cc in __libc_calloc (n=<optimized out>, elem_size=<optimized out>) at malloc.c:3219 #2 0x00007ffff728e189 in _tokenize_matrix () from /usr/local/lib/libao.so.4 #3 0x00007ffff728e607 in _matrix_to_channelmask () from /usr/local/lib/libao.so.4 #4 0x00007ffff72906f2 in _open_device () from /usr/local/lib/libao.so.4 #5 0x000000000040a6aa in open_ao_playdevice (header=header@entry=0x624af8) at ao.c:411 #6 0x0000000000407e50 in output (data=<optimized out>, header=0x624af8, pcm=0x627f44) at mad.c:974 #7 0x00007ffff749a85c in run_sync (decoder=0x7fffffffbc40) at decoder.c:439 #8 0x00007ffff749ab38 in mad_decoder_run ( decoder=decoder@entry=0x7fffffffbc40, mode=mode@entry=MAD_DECODER_MODE_SYNC) at decoder.c:557 #9 0x0000000000403d5d in main (argc=<optimized out>, argv=<optimized out>) at mpg321.c:1092 (gdb)
Maintainer(s), RedHat has addressed this bug with version #: libao-1.2.0-13.fc28 Our version in tree is Version: 1.2.2, please confirm if our current version has this fix in it.
I can't reproduce. Debian maintainer also isn't sure that this is actually an issue in libao. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870608
i can't reproduce it: $ mpg321-mpg123 libao_1.2.0_memory_corruption.mp3 High Performance MPEG 1.0/2.0/2.5 Audio Player for Layer 1, 2, and 3. Version 0.3.2-1 (2012/03/25). Written and copyrights by Joe Drew, now maintained by Nanakos Chrysostomos and others. Uses code from various people. See 'README' for more! THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY! USE AT YOUR OWN RISK! Illegal bit allocation value Playing MPEG stream from libao_1.2.0_memory_corruption.mp3 ... MPEG 1.0 layer III, 192 kbit/s, 44100 Hz mono [0:00] Decoding of libao_1.2.0_memory_corruption.mp3 finished. $ equery list libao * Searching for libao ... [IP-] [ ] media-libs/libao-1.2.2-r1:0 so i suppose you can proceed.
Let's close as invalid then. Thanks for the second opinion!