Bug#964303: liboggz2: Segmentation Fault (heap buffer overflow) in oggz_comments_decode()

To: <submit@bugs.debian.org>
Subject: Bug#964303: liboggz2: Segmentation Fault (heap buffer overflow) in oggz_comments_decode()
From: Rafael Dutra <rafael.dutra@cispa.saarland>
Date: Sun, 5 Jul 2020 12:48:33 +0200
Message-id: <[🔎] c56a2a5c-040a-07be-ccfd-f4fbf81c5866@cispa.saarland>
Reply-to: Rafael Dutra <rafael.dutra@cispa.saarland>, 964303@bugs.debian.org

Package: liboggz2
Version: 1.1.1-7
Severity: important
Tags: security, upstream

Dear Maintainer,

This bug causes a crash in the application when a specially crafted
input file is parsed.
It's a read violation of about 43k bytes caused by a heap buffer
overflow at src/liboggz/oggz_comments.c:604:4 in oggz_comments_decode().

To reproduce:
Install oggz-tools package. Run the command
oggz-validate input_file.ogg

I'm sending attached an input file that triggers the bug.

Thank you,
Rafael.

Attachment: oggz_comments_decode.ogg
Description: video/ogg

Reply to:

Prev by Date: Bug#964302: liboggz2: Segmentation Fault in oggz_comment_cmp()
Next by Date: Bug#964304: liboggz2: Segmentation Fault (read) in auto_calc_theora()
Previous by thread: Bug#964302: liboggz2: Segmentation Fault in oggz_comment_cmp()
Next by thread: Bug#964304: liboggz2: Segmentation Fault (read) in auto_calc_theora()
Index(es):
- Date
- Thread