Bug 1174792 (CVE-2014-8145) - CVE-2014-8145 sox: two heap out-of-bounds access issues (oCERT-2014-010)
Summary: CVE-2014-8145 sox: two heap out-of-bounds access issues (oCERT-2014-010)
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2014-8145
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1184079
Blocks: 1174802
TreeView+ depends on / blocked
 
Reported: 2014-12-16 13:54 UTC by Tomas Hoger
Modified: 2021-06-14 15:04 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
It was discovered that SoX did not correctly process NIST Sphere and WAV audio files. By tricking a victim into processing a specially crafted NIST Sphere or WAV audio file, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running SoX.
Clone Of:
Environment:
Last Closed: 2021-06-14 15:04:11 UTC


Attachments (Terms of Use)
Upstream patch 1 - 0001-Check-for-minimum-size-sphere-headers (797 bytes, patch)
2014-12-16 14:01 UTC, Tomas Hoger
no flags Details | Diff
Upstream patch 2 - 0002-More-checks-for-invalid-MS-ADPCM-blocks (1.07 KB, patch)
2014-12-16 14:02 UTC, Tomas Hoger
no flags Details | Diff

Description Tomas Hoger 2014-12-16 13:54:13 UTC
oCERT reports sox vulnerabilities found by Michele Spagnuolo of Google Security Team:

"""
We have 2 heap-oob (one sometimes also causes SIGSEGV), 1 null pointer dereference and 6 divisions by zero that reproduce in both 14.3.1 and 14.4.1.  The memory corruptions on the heap are potentially exploitable.

The divisions by zero and the *(0x0), of course, are not security relevant.

The maintainer provided 2 patches (they are attached) which have been validated by original report.
"""

Acknowledgement:

Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges Michele Spagnuolo of the Google Security Team as the original reporter.

Comment 1 Tomas Hoger 2014-12-16 14:01:23 UTC
Created attachment 969552 [details]
Upstream patch 1 - 0001-Check-for-minimum-size-sphere-headers

Upstream patch provided with the report

Comment 2 Tomas Hoger 2014-12-16 14:02:22 UTC
Created attachment 969553 [details]
Upstream patch 2 - 0002-More-checks-for-invalid-MS-ADPCM-blocks

Upstream patch provided with the report

Comment 3 Tomas Hoger 2014-12-16 14:04:36 UTC
The report does not indicate if the above two patches only address 2 heap OOB access issues, or if they should address NULL deref and division by zero issues.

Comment 7 Huzaifa S. Sidhpurwala 2014-12-22 15:43:19 UTC
External Reference:

http://www.ocert.org/advisories/ocert-2014-010.html

Comment 8 Vincent Danen 2015-01-20 14:43:57 UTC
Created sox tracking bugs for this issue:

Affects: fedora-all [bug 1184079]

Comment 9 Fedora Update System 2015-02-23 23:27:26 UTC
sox-14.4.1-7.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Stefan Cornelius 2015-06-02 10:15:40 UTC
The patches above fix the 2 OOB write issues. The other issues are without any security impact in this case, but they appear to be unfixed.

Statement:

This issue affects the versions of sox as shipped with Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Comment 12 Product Security DevOps Team 2021-06-14 15:04:11 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2014-8145


Note You need to log in before you can comment on or make changes to this bug.