Red Hat Bugzilla – Bug 1480656
CVE-2017-11331 vorbis-tools: Invalid memory allocation in wav_open function in oggenc/audio.c
Last modified: 2017-12-06 12:30:45 EST
A flaw was found in vorbis-tools 1.4.0. The wav_open function in oggenc/audio.c in vorbis-tools 1.4.0 can cause a denial of service(memory allocation error)
via a crafted wav file.
Created vorbis-tools tracking bugs for this issue:
Affects: fedora-all [bug 1480657]
To be honest, I do not see any (security) problem here. If the audio file header is corrupted, oggenc simply cannot cannot open the file. From user's perspective it does not really matter whether the process is terminated by exit() or by the kernel handling a NULL pointer dereference. Please clarify what exactly is your concern here.
The fact that it terminates via a NULL pointer dereference means that someone can crash it from another process. Thats probably why it got a CVE and why its a security issue.
As this already has a CVE, I we can't do anything else about it but feel free to close it of you think you should.
Please explain how this differs from CVE-2014-9639 for which we have a patch already installed:
I'm speculating here, but the 2014 CVE looks like an integer overflow that leads to a out-of-bounds read, while this seems a NULL pointer dereference while allocating memory.
But I couldn't determine for certain if this is the case.
Although, the patch you mentioned really seems to fix this issue too, as stated by other distros bugs (https://security-tracker.debian.org/tracker/CVE-2017-11331).