Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 711918 (CVE-2019-14247) - <media-sound/mpg321-0.3.2: out-of-bounds write in scan() function in mad.c (CVE-2019-14247)
Summary: <media-sound/mpg321-0.3.2: out-of-bounds write in scan() function in mad.c (C...
Status: RESOLVED FIXED
Alias: CVE-2019-14247
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-03-08 23:08 UTC by Sam James
Modified: 2020-06-18 02:49 UTC (History)
2 users (show)

See Also:
Package list:
=media-sound/mpg321-0.3.2 *
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-03-08 23:08:40 UTC
1) CVE-2017-11552
Description:
"mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the mad_decoder_run function in decoder.c in libmad) via a crafted MP3 file."

URL: https://seclists.org/fulldisclosure/2017/Jul/94
URL: https://security-tracker.debian.org/tracker/CVE-2017-11552

2) CVE-2019-14247
Description:
"The scan() function in mad.c in mpg321 0.3.2 allows remote attackers to trigger an out-of-bounds write via a zero bitrate in an MP3 file."

URL: https://sourceforge.net/p/mpg321/bugs/51/
URL: https://security-tracker.debian.org/tracker/CVE-2019-14247
Patch: https://sources.debian.org/patches/mpg321/0.3.2-3/handle_illegal_bitrate_value.patch/

It looks like Debian felt both were resolved by the latter patch, see bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870406.
Comment 1 Thomas Deutschmann gentoo-dev Security 2020-03-09 00:26:35 UTC
Removing CVE-2017-11552 which only affects media-libs/libmad and is tracked in bug 626822.
Comment 2 Larry the Git Cow gentoo-dev 2020-06-06 01:50:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33364299eee045ae5df62612a33c9c80dbbe792c

commit 33364299eee045ae5df62612a33c9c80dbbe792c
Author:     Azamat H. Hackimov <azamat.hackimov@gmail.com>
AuthorDate: 2020-06-04 17:51:17 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2020-06-06 01:49:13 +0000

    media-sound/mpg321: update ebuild
    
    Applied security fix from Debian for CVE-2019-14247 (#711918), fixed
    compilation on GCC10 (#706740), updated ebuild to EAPI 7.
    
    Bug: https://bugs.gentoo.org/711918
    Closes: https://bugs.gentoo.org/706740
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/16066
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 .../mpg321/files/mpg321-0.3.2-CVE-2019-14247.patch | 20 ++++++
 .../files/mpg321-0.3.2-format-security.patch       |  4 +-
 media-sound/mpg321/files/mpg321-0.3.2-gcc10.patch  | 83 ++++++++++++++++++++++
 media-sound/mpg321/mpg321-0.3.2.ebuild             | 12 +++-
 4 files changed, 114 insertions(+), 5 deletions(-)
Comment 3 Sam James archtester gentoo-dev Security 2020-06-06 03:26:26 UTC
@Azamat, thank you for the PR! Let's try out stabilisation.
Comment 4 Sam James archtester gentoo-dev Security 2020-06-06 03:27:17 UTC
(In reply to Sam James (sec padawan) from comment #3)
> @Azamat, thank you for the PR! Let's try out stabilisation.

Actually, let's give it a day or two. Changed the rating.
Comment 5 Sam James archtester gentoo-dev Security 2020-06-16 13:27:09 UTC
Oh, this went straight-to-stable with just the patches included in the existing version -- no version bump. This makes a GLSA challenging.

In future, please revbump when including patches which affect the installed version.
Comment 6 Azamat H. Hackimov 2020-06-16 17:38:33 UTC
I'v done what asked to https://github.com/gentoo/gentoo/pull/16066#issuecomment-639147750