Security vulnerabilities and automated fixes for media parsing issues
1 post found
A critical buffer overflow vulnerability was discovered in the Vorbis producer module (`src/modules/vorbis/producer_vorbis.c`), where an unchecked `sprintf()` call allowed attacker-controlled metadata from Vorbis audio files to overflow a fixed-size buffer. The fix replaces `sprintf()` with `snprintf()` and adds explicit bounds checking, ensuring that no metadata key — no matter how long or maliciously crafted — can corrupt adjacent memory. This class of vulnerability is one of the oldest and mo