CVE-2024-33431

An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a denial of service via a crafted .wav file.

Weakness

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

Affected Software

Name	Vendor	Start Version	End Version
Phiola	Stsaz	2.0-rc22 (including)	2.0-rc22 (including)

References

https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.assets/image-20240420004701828.png
https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.md
https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/poc/I0I72U~G
https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1
https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1/poc
https://github.com/stsaz/phiola/
https://github.com/stsaz/phiola/issues/27
https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.assets/image-20240420004701828.png
https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.md
https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/poc/I0I72U~G
https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1
https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1/poc
https://github.com/stsaz/phiola/
https://github.com/stsaz/phiola/issues/27

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-33431
CWE	https://cwe.mitre.org/data/definitions/670.html

Always-Incorrect Control Flow Implementation

Weakness

Affected Software

References