Hi,

CVE-2017-0381 states that:
"A remote code execution vulnerability in silk/NLSF_stabilize.c in
libopus in Mediaserver could enable an attacker using a specially
crafted file to cause memory corruption during media file and data
processing."

Now I'm not sure who did the analysis of this bug, but the analysis we
did concluded that the very worst that could happen was a slightly out
of bounds *read* 256 bytes before a constant table. What this means in
practice is that the value is read from another table and the decoded
audio data will sound bad (which was already going to happen if you're
decoding garbage data).

The worst case that could happen is a plain crash. This would happen if
the code is compiled with assertions (the code would assert before
making the read), or -- if you're really unlucky -- if the table is
placed just after some unreadable memory.

So while the bug definitely needed to be fixed -- and was fixed back in
July -- we don't consider it to be a severe security issue. If you
disagree with our analysis, could you point out what we missed?

Cheers,

        Jean-Marc
