SoundTouch WavInFile::readHeaderBlock() Function Heap-Based Buffer Overflow Vulnerability



A vulnerability in the WavInFile::readHeaderBlock() function of SoundTouch could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability exists in the WavInFile::readHeaderBlock() function, as defined in the SoundStretch/WavFile.cpp file of the affected software, and is due to the use of a signed integer instead of an unsigned integer when the size of a structure is calculated. An attacker could exploit this vulnerability by persuading a user to open a file with the SoundStretch utility that submits malicious input to the targeted system. A successful exploit could trigger a heap-based buffer overflow condition that the attacker could use to execute arbitrary code on the system.

Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.

SoundTouch has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2018-1000223

Source:: Cisco Multivendor Vulnerability Alerts