Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21323
HistoryFeb 10, 2009 - 12:00 a.m.

[oCERT-2009-002] OpenCORE insufficient bounds checking during MP3 decoding

2009-02-1000:00:00
vulners.com
9
JSON

#2009-002 OpenCORE insufficient bounds checking during MP3 decoding

Description:

OpenCORE, an open source multimedia decoding subsystem, suffers from an
integer underflow during Huffman decoding resulting in improper bounds
checking when writing to a heap allocated buffer. Decoding a specially
crafted mp3 file will result in unexpected process termination or,
potentially, arbitrary code execution due to heap corruption.

Patches have been made available by PacketVideo:

http://ocert.org/patches/2009-002/opencore_mp3_dec.patch
http://review.source.android.com/Gerrit#change,8815

Affected version:

OpenCore <= 2.0

(secondary affected versions)

Android without change 8815

Fixed version:

OpenCore >= 2.0 with change 8815

Android with change 8815

Credit: Initial vulnerability report and sample crasher provided by
Owen Arden <[email protected]> and
Charlie Miller <[email protected]>.
Thanks to PacketVideo for the comprehensive analysis and
patching.

CVE: CVE-2009-0475

Timeline:
2009-01-21: Android Security Team informed of issue
2009-01-23: Android Security Team requested coordination aid from oCERT
2009-01-24: oCERT investigated for other potential affected projects
2009-02-05: vendor supplied patch
2009-02-05: vendor indicated that no other open source projects affected
2009-02-05: did not discover other open source projects affected
2009-02-05: emailed [email protected] as a cross-check
2009-02-06: supplied vulnerability analysis to upstream vendor
2009-02-06: walked through affected code with upstream vendor
2009-02-06: CVE assignment requested and received
2009-02-07: advisory published

References:
http://review.source.android.com/Gerrit#change,8815
http://review.source.android.com/Gerrit#change,8604
http://android.git.kernel.org/?p=platform/external/opencore.git;a=summary
http://android.git.kernel.org/?p=platform/external/opencore.git;a=blob;f=codecs_v2/audio/mp3/dec/src/pvmp3_huffman_parsing.cpp;h=491c0cc1b05adecb4ed2d53489c82e7fb4f46108;hb=d8b443ddaa386ed85ba31fbd663c40423a8d4ded
http://android.git.kernel.org/?p=platform/external/opencore.git;a=blob;f=codecs_v2/audio/mp3/dec/src/pvmp3_mpeg2_stereo_proc.cpp;h=bc4c227fbd60f3f0a90355d7d52c71d46cd4a87c;hb=d8b443ddaa386ed85ba31fbd663c40423a8d4ded

Links:
http://www.packetvideo.com/products/core/index.html
http://android.git.kernel.org
http://android.com

Permalink:
http://www.ocert.org/advisories/ocert-2009-002.html


Will Drewry <[email protected]>
oCERT Team :: http://ocert.org

Related

securityvulns 1
cve 1
seebug 1
prion 1
securityvulns
securityvulns
OpenCore / Android memory corruption
2009-02-10 00:00:00
cve
cve
CVE-2009-0475
2009-02-11 00:30:00
seebug
seebug
OpenCORE pvmp3_huffman_parsing.cpp MP3文件解析整数下溢漏洞
2009-02-11 00:00:00
prion
prion
Integer overflow
2009-02-11 00:30:00
JSON
Related for SECURITYVULNS:DOC:21323
securityvulns1cve1seebug1prion1