#1080066 ascd: A suspicious integer overflow to buffer overflow in 'libworkman/database.c'

Package:
ascd
Source:
ascd
Description:
CD player and mixer
Submitter:
r10922044
Date:
2024-08-30 09:18:02 UTC
Severity:
normal
#1080066#5
Date:
2024-08-30 09:08:01 UTC
From:
To:
Dear Maintainers,

We are researching static analysis for recurring vulnerabilities. When
using our tool to test on 'ascd', we found a suspicious integer overflow
to buffer overflow at 'v2parse' in 'libworkman/database.c'. 'listsize'
which was read by 'fscanf' in line 948 would be used directly to
allocate memory in line 950 with no check. We suggest adding an integer
overflow check before memory allocation to prevent buffer overflow.

Thank you for maintaining ascd.

Best regards