jarikomppa SoLoud WAV File Parser Memory Corruption Vulnerability

A memory corruption vulnerability has been identified in jarikomppa SoLoud versions prior to 20200207. The issue arises in the WAV file parser component, specifically within the function SoLoud::Wav::loadwav, located in the file src/audiosource/wav/soloud_wav.cpp. The vulnerability can be exploited locally and has been made public.

Impact

Exploitation of this vulnerability leads to a heap-buffer overflow, causing a segmentation fault due to an invalid write memory access. This type of memory corruption can often be exploited to execute arbitrary code or cause a crash, disrupting the application's normal operation.

Reproduction

The vulnerability can be reproduced by building SoLoud with release optimization and AddressSanitizer (ASan) enabled. After compiling the library, a harness application can be created to load a crafted WAV file into the SoLoud audio engine. This file should be designed to exploit the vulnerability by causing a heap-buffer overflow or a global-buffer-overflow, depending on the specific reproduction scenario.