[3.9] soundtouch: Multiple vulnerabilities (CVE-2018-17096, CVE-2018-17097, CVE-2018-17098)
CVE-2018-17096: Assertion failure in BPMDetect class in BPMDetect.cpp
The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli
Parviainen SoundTouch 2.0 allows remote attackers
to cause a denial of service (assertion failure and application exit),
as demonstrated by SoundStretch.
References:
https://gitlab.com/soundtouch/soundtouch/issues/14
https://github.com/TeamSeri0us/pocs/tree/master/soundtouch/2018\_09\_03
Patch:
https://gitlab.com/soundtouch/soundtouch/commit/a1c400eb2cff849c0e5f9d6916d69ffea3ad2c85
CVE-2018-17097: Out-of-bounds heap write in WavOutFile::write()
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0
allows remote attackers to cause
a denial of service (double free) or possibly have unspecified other
impact, as demonstrated by SoundStretch.
References:
https://github.com/TeamSeri0us/pocs/tree/master/soundtouch/2018\_09\_03
Patch:
https://gitlab.com/soundtouch/soundtouch/commit/7f594f8b7d10bbc16a4a31de8ec5a279af9c7378
CVE-2018-17098: Heap corruption in WavFileBase class in WavFile.cpp
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0
allows remote attackers to cause a denial of service
(heap corruption from size inconsistency) or possibly have unspecified
other impact, as demonstrated by SoundStretch.
References:
https://gitlab.com/soundtouch/soundtouch/issues/14
https://github.com/TeamSeri0us/pocs/tree/master/soundtouch/2018\_09\_03
Patch:
https://gitlab.com/soundtouch/soundtouch/commit/7f594f8b7d10bbc16a4a31de8ec5a279af9c7378
(from redmine: issue id 9881, created on 2019-01-21)
- Relations:
- parent #9880 (closed)
- Changesets:
- Revision edfe8b82 by Natanael Copa on 2019-01-23T19:12:36Z:
community/soundtouch: security upgrade to 2.1.2
CVE-2018-17096 soundtouch: Assertion failure in BPMDetect class in
BPMDetect.cpp
CVE-2018-17097 soundtouch: Double free in WavFileBase class in
WavFile.cpp
CVE-2018-17098 soundtouch: Heap corruption in WavFileBase class in
WavFile.cpp
fixes #9881