jarikomppa SoLoud Heap-Based Buffer Overflow Vulnerability in Audio File Handler

Vulnerability

A heap-based buffer overflow vulnerability has been identified in jarikomppa SoLoud versions prior to 20200207. The issue is in the function SoLoud::Wav::loadflac, located in the file src/audiosource/wav/soloud_wav.cpp. It can be exploited locally by loading a crafted audio file: manipulated FLAC data embedded in a WAV container triggers the overflow. The AddressSanitizer report confirms that the overflow occurs when the function writes data 1024 bytes beyond the allocated memory, leading to a segmentation fault.

Impact

Exploiting this vulnerability causes a heap-based buffer overflow, which can corrupt memory and potentially allow arbitrary code execution.

Reproduction

The vulnerability can be reproduced by building SoLoud with release optimization and AddressSanitizer enabled. After compiling the audio engine, trigger the issue with a harness application that loads a specially crafted WAV file containing FLAC data. Run the harness with the file as an argument so that the file is processed by the vulnerable loadflac function. AddressSanitizer then reports the heap-buffer-overflow error, confirming that the vulnerability has been triggered.

Added: Mar 1, 2026, 1:19 PM
Updated: Mar 1, 2026, 1:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 0.0
relevance: 3.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.