jarikomppa SoLoud WAV File Parser Out-of-Bounds Read Vulnerability
Vulnerability
A global buffer overflow vulnerability has been identified in jarikomppa SoLoud versions prior to 20200207. The issue is in the WAV file parser component, specifically in the function 'drwav_read_pcm_frames_s16__msadpcm' in the dr_wav library file 'src/audiosource/wav/dr_wav.h'. The vulnerability allows an out-of-bounds read and is exploitable locally. The problem was reported to the project, but no response has been received yet.
Impact
Exploitation of this vulnerability triggers a global buffer overflow: an out-of-bounds memory access that could potentially be used to cause a heap-based buffer overflow, a common vector for arbitrary code execution.
Reproduction
The vulnerability can be reproduced by building SoLoud with release optimization and AddressSanitizer (ASan) enabled. Once the library is compiled, the 'harness.cpp' file is used to load a crafted WAV file that triggers the vulnerability. AddressSanitizer then reports the out-of-bounds read, confirming that the vulnerability has been triggered.
Remediation
Users are advised to upgrade to SoLoud version 20200207 or later to address this vulnerability.
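For code that cannot be upgraded immediately, the following added example (not SoLoud or dr_wav code) shows the kind of validation an MS-ADPCM block parser needs so that values read from the file never index past a fixed global table. The page does not state which access faults, so treating the predictor index as the untrusted table index is an assumption based on the MS-ADPCM format; the mono header layout, the delta ceiling and all names are likewise this example's own.

```c
#include <stddef.h>
#include <stdint.h>

/* Fixed by the MS-ADPCM format: 7 coefficient pairs, 16 adaptation steps. */
static const int32_t COEFF1[7] = { 256, 512, 0, 192, 240, 460, 392 };
static const int32_t COEFF2[7] = { 0, -256, 0, 64, 0, -208, -232 };
static const int32_t ADAPT[16] = { 230, 230, 230, 230, 307, 409, 512, 614,
                                   768, 614, 512, 409, 307, 230, 230, 230 };

typedef struct { int32_t c1, c2, delta, s1, s2; } msadpcm_state; /* hypothetical name */

static int32_t rd_s16le(const uint8_t *p) { return (int16_t)(p[0] | (p[1] << 8)); }

/* Parse a mono block header: predictor(1) delta(2) sample1(2) sample2(2).
   Returns 0 on success, -1 on a truncated block or out-of-range predictor. */
int msadpcm_parse_header(const uint8_t *blk, size_t len, msadpcm_state *st)
{
    if (!blk || !st || len < 7) return -1;
    if (blk[0] >= sizeof COEFF1 / sizeof COEFF1[0]) return -1; /* untrusted table index */
    st->c1 = COEFF1[blk[0]];
    st->c2 = COEFF2[blk[0]];
    st->delta = rd_s16le(blk + 1);
    st->s1 = rd_s16le(blk + 3);
    st->s2 = rd_s16le(blk + 5);
    return 0;
}

/* Decode one 4-bit code; masking keeps the ADAPT index inside 0..15. */
int16_t msadpcm_decode_nibble(msadpcm_state *st, uint8_t code)
{
    code &= 0x0F;
    int32_t sn = (code & 8) ? (int32_t)code - 16 : (int32_t)code; /* signed nibble */
    int32_t out = (st->s1 * st->c1 + st->s2 * st->c2) / 256 + sn * st->delta;
    if (out > 32767) out = 32767;
    if (out < -32768) out = -32768;
    st->delta = (ADAPT[code] * st->delta) / 256;
    if (st->delta < 16) st->delta = 16;
    if (st->delta > 32767) st->delta = 32767; /* example's own cap: products stay in int32 */
    st->s2 = st->s1;
    st->s1 = out;
    return (int16_t)out;
}

int main(void)
{
    const uint8_t bad[7] = { 7, 0x10, 0, 0x64, 0, 0x32, 0 }; /* constructed: index 7 of 7 */
    msadpcm_state st;
    return msadpcm_parse_header(bad, sizeof bad, &st) == -1 ? 0 : 1;
}
```

Building a parser like this with AddressSanitizer, as the reproduction steps do for SoLoud, confirms that a rejected header never reaches the table lookups.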
