ggml-org Whisper.cpp Use-After-Free Vulnerability in Audio Data Processing
Vulnerability
A use-after-free vulnerability has been identified in ggml-org Whisper.cpp versions up to 1.8.2. The issue arises in the 'read_audio_data' function within 'whisper.cpp/examples/common-whisper.cpp'. Exploitation requires local access. The vulnerability has been disclosed publicly and a proof-of-concept exploit is available. The problem was reported to the project, but no response has been received.
Impact
Exploitation of this vulnerability leads to a crash of the application, as reported by AddressSanitizer. However, use-after-free vulnerabilities can often be leveraged further, under certain conditions, to execute arbitrary code.
Reproduction
The vulnerability can be reproduced by using the 'whisper-cli' tool to read audio files. The audio file is opened through the 'ma_decoder_init_file' function (the bundled miniaudio decoder entry point), and this code path triggers the invalid memory free. To reproduce, compile Whisper.cpp with Clang and the AddressSanitizer option, then run the 'whisper-cli' command with a specific model and an audio file that triggers the vulnerability.
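As an added example, not code from this advisory or from the whisper.cpp project, the following script performs the reproduction described above: it builds whisper-cli with Clang and AddressSanitizer, runs it on an input, and checks whether the resulting ASan report is the heap-use-after-free in read_audio_data. The build flags, build directory and model path are assumptions; the advisory does not name the triggering audio file, so AUDIO is a placeholder to be replaced with the proof-of-concept input.

```shell
#!/bin/sh
# Assumed: run from a whisper.cpp checkout with cmake, clang and the
# ggml-base.en model available (assumption, not from the advisory).
set -eu

SRC_DIR="${SRC_DIR:-.}"
BUILD_DIR="${BUILD_DIR:-build-asan}"
MODEL="${MODEL:-models/ggml-base.en.bin}"
AUDIO="${AUDIO:-PLACEHOLDER_trigger.wav}"   # placeholder: the PoC input is not on the page
ASAN_LOG="${ASAN_LOG:-asan-run.log}"

# Configure and build whisper-cli with Clang + ASan. Frame pointers are kept
# so the faulting frame (read_audio_data) is readable in the stack trace.
build_asan() {
    cmake -S "$SRC_DIR" -B "$BUILD_DIR" \
        -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \
        -DCMAKE_BUILD_TYPE=Debug \
        -DCMAKE_C_FLAGS="-fsanitize=address -fno-omit-frame-pointer" \
        -DCMAKE_CXX_FLAGS="-fsanitize=address -fno-omit-frame-pointer" \
        -DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address"
    cmake --build "$BUILD_DIR" --target whisper-cli -j"$(nproc 2>/dev/null || echo 4)"
}

# Run the instrumented CLI on the input; ASan reports go to stderr and a
# non-zero exit is expected when the sanitizer fires, so it is tolerated.
run_cli() {
    ASAN_OPTIONS=detect_leaks=0 \
    "$BUILD_DIR/bin/whisper-cli" -m "$MODEL" -f "$AUDIO" 2>"$ASAN_LOG" || true
}

# Classify an ASan log: 0 = the heap-use-after-free from this advisory
# (report header plus read_audio_data in the trace), 1 = some other ASan
# error, 2 = ASan did not fire at all.
classify_asan_log() {
    log="$1"
    if ! grep -q 'ERROR: AddressSanitizer:' "$log"; then return 2; fi
    if grep -q 'AddressSanitizer: heap-use-after-free' "$log" \
       && grep -q 'in read_audio_data' "$log"; then return 0; fi
    return 1
}

if [ "${1:-}" = "reproduce" ]; then
    build_asan
    run_cli
    if classify_asan_log "$ASAN_LOG"; then echo "affected: UAF in read_audio_data"
    else echo "no matching report (rc=$?), see $ASAN_LOG"; fi
fi
```

Invoke as `sh repro.sh reproduce`; without the argument only the functions are defined, which lets the classifier be reused on a saved log.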