Fixed OOB read when loading invalid ogg flac file. (#868) (#869)

CVE-2018-11439 is caused by a failure to check the minimum length
of an Ogg FLAC header. This header is detailed in full at:
https://xiph.org/flac/ogg_mapping.html. Added more strict checking
for entire header.
Scott Gayou 2018-10-09 18:46:55 -05:00 committed by Stephen F. Booth
parent d8d56d3937
commit 2c4ae870ec


@ -231,11 +231,21 @@ void Ogg::FLAC::File::scan()
if(!metadataHeader.startsWith("fLaC")) {
// FLAC 1.1.2+
// See https://xiph.org/flac/ogg_mapping.html for the header specification.
if(metadataHeader.size() < 13)
return;
if(metadataHeader[0] != 0x7f)
return;
if(metadataHeader.mid(1, 4) != "FLAC")
return;
if(metadataHeader[5] != 1)
return; // not version 1
if(metadataHeader[5] != 1 && metadataHeader[6] != 0)
return; // not version 1.0
if(metadataHeader.mid(9, 4) != "fLaC")
return;
metadataHeader = metadataHeader.mid(13);
}