oCERT-2009-002 OpenCORE insufficient boundary checking during MP3 decoding
Description: OpenCORE, an open source multimedia decoding subsystem, suffers from an integer underflow during Huffman decoding, resulting in improper bounds checking when writing to a heap-allocated buffer. Decoding a specially crafted MP3 file will result in unexpected process termination or, potentially, arbitrary code execution due to heap corruption.
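The bug class described above, an unsigned underflow that defeats a bounds check before a heap write, shown beside a hardened check. This is an added illustration and is not OpenCORE's or PacketVideo's code; the function names, the buffer layout and the (start, count) sample values are constructed.

```c
#include <stdint.h>
#include <stdlib.h>

#define CAP 576u /* frequency lines in one MP3 granule; buffer layout is constructed */

/* Flawed: cap - start is unsigned, so start > cap wraps to a huge "room". */
static int fits_flawed(uint32_t cap, uint32_t start, uint32_t count)
{
    uint32_t room = cap - start;
    return count <= room;
}

/* Hardened: reject an out-of-range start before subtracting. */
static int fits_checked(uint32_t cap, uint32_t start, uint32_t count)
{
    return start <= cap && count <= cap - start;
}

/* Store count values at out[start..]; returns count, or -1 if refused. */
static long store_values(int32_t *out, uint32_t cap, uint32_t start, uint32_t count)
{
    if (out == NULL || !fits_checked(cap, start, count))
        return -1;
    for (uint32_t i = 0; i < count; i++)
        out[start + i] = (int32_t)i;
    return (long)count;
}

/* Constructed (start, count) pairs standing in for stream-derived fields. */
static const uint32_t CASES[][2] = {{0, 576}, {570, 6}, {570, 7}, {580, 8}, {0xFFFFFFFFu, 2}};

/* Counts cases the flawed check accepts but the hardened store refuses. */
static int count_bypasses(void)
{
    int32_t *out = calloc(CAP, sizeof *out);
    int n = 0;
    if (out == NULL)
        return -1;
    for (size_t i = 0; i < sizeof CASES / sizeof CASES[0]; i++) {
        uint32_t s = CASES[i][0], c = CASES[i][1];
        if (store_values(out, CAP, s, c) < 0 && fits_flawed(CAP, s, c))
            n++;
    }
    free(out);
    return n;
}

int main(void) { return count_bypasses() == 2 ? 0 : 1; }
```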
Affected version: OpenCORE <= 2.0
Credit: Initial vulnerability report and sample crasher provided by Owen Arden <owen [at] securityevaluators [dot] com> and Charlie Miller <cmiller [at] securityevaluators [dot] com>. In addition, oCERT would like to thank PacketVideo for the comprehensive analysis and patch.
Timeline:
2009-01-21: Android Security Team informed of issues
2009-01-23: Android Security Team requested coordination aid from oCERT
2009-01-24: oCERT investigated for other potential affected projects
2009-02-05: vendor supplied patch
2009-02-05: indicated that no other open source projects appear affected
2009-02-05: emailed email@example.com as a cross-check
2009-02-06: supplied vulnerability analysis to upstream vendor
2009-02-06: walked through affected code with upstream vendor
2009-02-06: CVE assignment requested and assigned
2009-02-07: advisory release