Zero-Day Advisory
Fortinet Discovers Audacity WAV File Parsing Memory Corruption Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a memory corruption vulnerability in Audacity.
Audacity is a free, award-winning open source program for recording and editing sound. Audacity runs on Mac OS X, Microsoft Windows, GNU/Linux and other operating systems.
The vulnerability is caused by an error when Audacity handles a crafted FORMATCHUNK structure in a WAV (RIFF) file.
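The advisory does not say which FORMATCHUNK field is malformed, so the following added example (not Fortinet's or Audacity's code) only pre-screens a WAV file by checking that the chunk's standard fields are present and mutually consistent. It assumes FORMATCHUNK refers to the standard 'fmt ' chunk of a RIFF/WAVE file; the function names and sample bytes are constructed for illustration.

```python
import struct

def make_wav(fmt_body, data=b"\x00\x00" * 4):
    """Build a minimal RIFF/WAVE byte string (constructed sample input)."""
    chunks = b"fmt " + struct.pack("<I", len(fmt_body)) + fmt_body
    chunks += b"data" + struct.pack("<I", len(data)) + data
    return b"RIFF" + struct.pack("<I", 4 + len(chunks)) + b"WAVE" + chunks

def check_fields(body):
    """Check the fixed 16-byte part of a 'fmt ' chunk body."""
    if len(body) < 16:
        return ["fmt chunk too short (%d bytes, need at least 16)" % len(body)]
    findings = []
    if len(body) not in (16, 18, 40):
        findings.append("unusual fmt chunk size %d" % len(body))
    tag, channels, rate, avg, align, bits = struct.unpack_from("<HHIIHH", body)
    if channels == 0:
        findings.append("nChannels is 0")
    if rate == 0:
        findings.append("nSamplesPerSec is 0")
    if tag == 1:  # WAVE_FORMAT_PCM: derived fields must agree
        if align != channels * ((bits + 7) // 8):
            findings.append("nBlockAlign does not match channels and bit depth")
        if avg != rate * align:
            findings.append("nAvgBytesPerSec does not match rate and block align")
    return findings

def check_fmt_chunk(blob):
    """Walk the RIFF chunks; return findings for the 'fmt ' chunk ([] = consistent)."""
    if len(blob) < 12 or blob[:4] != b"RIFF" or blob[8:12] != b"WAVE":
        return ["not a RIFF/WAVE file"]
    pos = 12
    while pos + 8 <= len(blob):
        cid, size = struct.unpack_from("<4sI", blob, pos)
        body = blob[pos + 8 : pos + 8 + size]
        if len(body) < size:
            return ["chunk %r declares %d bytes, only %d present" % (cid, size, len(body))]
        if cid == b"fmt ":
            return check_fields(body)
        pos += 8 + size + (size & 1)  # chunk bodies are padded to an even length
    return ["no 'fmt ' chunk found"]

# Constructed samples: PCM, 44100 Hz, 16-bit. GOOD is stereo; BAD claims 0 channels
# (an inconsistent header for the checker, not the advisory's trigger).
GOOD = make_wav(struct.pack("<HHIIHH", 1, 2, 44100, 176400, 4, 16))
BAD = make_wav(struct.pack("<HHIIHH", 1, 0, 44100, 176400, 4, 16))

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("BAD", BAD), ("TRUNCATED", GOOD[:24])):
        print(name, check_fmt_chunk(blob) or "consistent")
```

A clean result here means only that the header is self-consistent; it does not replace the upgrade or the IPS signature listed under Solutions.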
Solutions
FortiGuard Labs released the following FortiGate IPS signature, which covers this specific vulnerability: Audacity.FORMATCHUNK.Memory.Corruption
Released Jan 27, 2016
Users should upgrade to Audacity version 2.1.2 provided by Audacity.
Acknowledgement
This vulnerability was discovered by Chris Navarrete of Fortinet's FortiGuard Labs.