*** This bug is a security vulnerability *** Public security bug reported:
$ uname -a Linux 6176901723ae 5.15.0-122-generic #132-Ubuntu SMP Thu Aug 29 13:45:52 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux build setting $ git clone https://git.launchpad.net/ubuntu/+source/midicsv ( also possible https://www.fourmilab.ch/webtools/midicsv/#Download ) $ head Makefile CC = clang CFLAGS = -g -Wall -fsanitize=address INSTALL_DEST = /usr/local # You shouldn't need to change anything after this line VERSION = 1.1 PROGRAMS = midicsv csvmidi ( edit Makefile for address sanitizer ) When I run the attached poc file, a heap buffer overflow error occurs as follows. The following is the ASAN crash log that occurred when I ran the poc. $ ./midicsv /tmp/poc/poc27 ================================================================= ==53267==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000002721 at pc 0x0000004ec8de bp 0x7ffdfebc4c30 sp 0x7ffdfebc4c28 READ of size 1 at 0x621000002721 thread T0 #0 0x4ec8dd in trackcsv /tmp/midicsv/midicsv.c:193:11 #1 0x4ebd26 in main /tmp/midicsv/midicsv.c:505:2 ** Affects: midicsv (Ubuntu) Importance: Undecided Status: New ** Attachment added: "poc27" https://bugs.launchpad.net/bugs/2087785/+attachment/5836126/+files/poc27 ** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2087785 Title: heap-buffer overflow in midicsv.c:193 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/midicsv/+bug/2087785/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
