Severe Remote Code Execution vulnerability (from upstream)

Open shoghicp opened this issue 3 years ago • 1 comments

Several vulnerabilities exist on the decoder, see macosforge/alac#22

Submitted a limited incomplete patch https://github.com/macosforge/alac/issues/22#issuecomment-1108128560 which doesn't fix the issue completely, fuzzing still discovered other deeper issues in how decoding is handled.

Apr 25 '22 06:04 shoghicp

Many thanks for this.

Apr 25 '22 08:04 mikebrady