
Severe Remote Code Execution vulnerability (from upstream)

Open shoghicp opened this issue 3 years ago • 1 comments

Several vulnerabilities exist in the decoder; see macosforge/alac#22

Submitted a limited, incomplete patch (https://github.com/macosforge/alac/issues/22#issuecomment-1108128560) which doesn't fix the issue completely; fuzzing still discovered other, deeper issues in how decoding is handled.

shoghicp, Apr 25 '22 06:04

Many thanks for this.

mikebrady, Apr 25 '22 08:04