Libxmp Stack-Based Buffer Overflow Vulnerability in Pha Loader
Vulnerability
A stack-based buffer overflow vulnerability has been identified in libxmp versions through 4.6.2. The issue arises in the depack_pha function within the Pha loader, where improper bounds checking allows for writing data outside the limits of a local stack buffer. This vulnerability is triggered by malformed Pha format tracker modules embedded in .mod files, potentially leading to denial-of-service conditions and, under specific circumstances, remote code execution.
Impact
Exploitation of this vulnerability overflows a stack buffer and corrupts adjacent memory. Vulnerabilities of this type commonly allow arbitrary code execution, especially when the application is compiled with options that leave such exploitation possible.
Reproduction
The vulnerability can be reproduced by crafting a .mod file that includes a malformed Pha Packer module and loading it in an application that uses libxmp as its module playback library. The stack-based buffer overflow occurs while the depack_pha function parses the PHA data.
Remediation
Users can upgrade to libxmp version 4.6.3, where this vulnerability has been fixed.
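For triage against the affected range stated above, this added example (not part of the advisory and not libxmp's own code) reads the version of the libxmp that the dynamic loader resolves, using the library's exported `xmp_vercode` symbol, and classifies it. The helper names and the sample packager version string are assumptions made for illustration.

```python
"""Triage helper: is the libxmp on this host in the advisory's affected range?"""
import ctypes
import ctypes.util
import re

LAST_AFFECTED = (4, 6, 2)  # from the advisory: versions through 4.6.2


def decode_vercode(vercode):
    """Split libxmp's packed version code (major<<16 | minor<<8 | release)."""
    return ((vercode >> 16) & 0xFF, (vercode >> 8) & 0xFF, vercode & 0xFF)


def parse_version(text):
    """Parse '4.6.2' or a packager string such as '4.6.2-1ubuntu1' (constructed)."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised libxmp version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_affected(version):
    """True when the version is at or below the last affected release."""
    return tuple(version) <= LAST_AFFECTED


def loaded_libxmp_version():
    """Version of the libxmp the dynamic loader resolves, or None if absent."""
    path = ctypes.util.find_library("xmp")
    if path is None:
        return None
    lib = ctypes.CDLL(path)
    return decode_vercode(ctypes.c_uint.in_dll(lib, "xmp_vercode").value)


if __name__ == "__main__":
    found = loaded_libxmp_version()
    if found is None:
        print("libxmp not found by the dynamic loader")
    else:
        # A distribution can backport the fix without changing the version
        # number, so confirm an "affected" result against the package changelog.
        verdict = "affected (<= 4.6.2), upgrade" if is_affected(found) else "4.6.3 or later"
        print("libxmp " + ".".join(map(str, found)) + ": " + verdict)
```

Applications that bundle or statically link libxmp are not seen by this check and have to be inventoried separately.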
