Security contact for reproducible memory-safety issue in AIFF parsing #102

Description

@damseleng

Hello,

I have identified a reproducible memory-safety issue in AudioFile, reachable through the public loadFromMemory() API when processing malformed AIFF-like input data.

I would prefer not to disclose the minimized input or detailed sanitizer output publicly before the maintainer has had a chance to review it.

Is there a preferred private security contact, email address, or disclosure route for this project?

I can provide:

  • minimized malformed AIFF-like input
  • ASan/UBSan crash log
  • affected commit information
  • clean-checkout reproduction steps
  • a small standalone C++ reproducer using loadFromMemory()
  • source-level root cause notes
  • suggested fix direction

Best regards,
Yukimura
