VYPR
Unrated severity · NVD Advisory · Published Feb 8, 2021 · Updated Aug 4, 2024

CVE-2020-36148

Description

libmysofa 0.5–1.1 has a NULL pointer dereference in verifyAttribute that can crash applications or cause memory corruption in embedded environments.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The verifyAttribute function in tools.c line 26 of the libmysofa library (versions 0.5 through 1.1) does not properly validate that the attr->value pointer is non-NULL before dereferencing it [1]. When the library parses a maliciously crafted SOFA file, this pointer can be NULL, leading to undefined behavior. The code path is reachable when any application calls mysofa_open, mysofa_open_default, or mysofa_loudness on a specially crafted file [1].

Exploitation

An attacker must provide a crafted SOFA file that triggers the NULL pointer dereference [1]. No authentication or special network access is required if the user can be induced to open the file (e.g., via email or web download). The vulnerable function is called during parsing; a minimal reproducer is:

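int filter_length, err;  /* out-parameters filled in by mysofa_open */
struct MYSOFA_EASY *easy = NULL;
easy = mysofa_open(filename, 48000, &filter_length, &err);  /* filename: path to the SOFA file */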

The crash occurs immediately in verifyAttribute when it calls a string comparison on the NULL attr->value [1].

Impact

On systems with restrictive memory protection (e.g., general-purpose operating systems), the NULL pointer dereference results in a segmentation fault and denial of service. On systems without memory protection (e.g., some embedded environments), the attacker may achieve near-NULL pointer overwrite, potentially leading to arbitrary memory write or code execution [1]. The CIA outcome varies: at minimum availability is lost; in constrained environments integrity and confidentiality may also be compromised.

Mitigation

The vulnerability was addressed in libmysofa version 1.2, released after the report [1][2]. Users should upgrade to version 1.2 or later. No workaround is available for unpatched versions; the only mitigation is to avoid opening untrusted SOFA files with libmysofa prior to 1.2.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Missing NULL-pointer check in `verifyAttribute` before calling `strcmp` on `attr->value`."

Attack vector

An attacker provides a maliciously crafted SOFA file to `mysofa_open`. The file causes `verifyAttribute` to dereference a NULL pointer (`attr->value`) when calling `strcmp`, leading to a segmentation fault. No authentication or special privileges are required; the attack is purely file-based, and can be local or remote wherever the application accepts user-supplied SOFA files. [CWE-476]

Affected code

The vulnerability resides in the `verifyAttribute` function in `tools.c` at line 26, which is called from `mysofa_loudness` in `loudness.c` and ultimately reachable via `mysofa_open_default` / `mysofa_open` in `easy.c`. The entire call chain from `mysofa_open` through `mysofa_loudness` to `verifyAttribute` is affected in libmysofa versions 0.5 through 1.1.

What the fix does

The patch does not appear in the bundle; the advisory [1] only documents the crash and the affected code path. To fix the vulnerability, the `verifyAttribute` function must check that `attr->value` is not NULL before passing it to `strcmp`. Without such a guard, any SOFA file that triggers a NULL `attr->value` will cause a denial of service via segmentation fault.
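The guard described above, shown beside the unguarded form, as an added example that is not libmysofa's code or its actual patch. The struct layout, the function names and the sample attribute values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the library's attribute list (layout assumed). */
struct attr {
    struct attr *next;
    const char *name;
    const char *value;   /* may be NULL when a crafted file leaves it unset */
};

/* Unguarded form matching the advisory's description: strcmp on a NULL
 * value is undefined behaviour. Shown for comparison; never called here. */
int verify_attribute_unchecked(const struct attr *a, const char *name, const char *value) {
    for (; a; a = a->next)
        if (!strcmp(name, a->name) && !strcmp(value, a->value))
            return 1;
    return 0;
}

/* Guarded form: a node with a NULL name or value never matches, and the
 * walk continues so later well-formed nodes are still considered. */
int verify_attribute_checked(const struct attr *a, const char *name, const char *value) {
    if (!name || !value)
        return 0;
    for (; a; a = a->next)
        if (a->name && a->value && !strcmp(name, a->name) && !strcmp(value, a->value))
            return 1;
    return 0;
}

/* Constructed sample lists (not taken from a real SOFA file). */
static struct attr good_tail = { NULL, "DataType", "FIR" };
static struct attr good_list = { &good_tail, "Conventions", "SOFA" };
static struct attr bad_tail  = { NULL, "Conventions", "SOFA" };
static struct attr bad_list  = { &bad_tail, "Conventions", NULL };
static struct attr null_only = { NULL, "Conventions", NULL };

int main(void) {
    printf("well-formed list:      %d\n", verify_attribute_checked(&good_list, "Conventions", "SOFA"));
    printf("NULL value, then good: %d\n", verify_attribute_checked(&bad_list, "Conventions", "SOFA"));
    printf("NULL value only:       %d\n", verify_attribute_checked(&null_only, "Conventions", "SOFA"));
    return 0;
}
```
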

Preconditions

  • input: The attacker must supply a maliciously crafted SOFA file that triggers a NULL `attr->value` in the `verifyAttribute` function.
  • input: The application must call `mysofa_open` (or `mysofa_open_default`) on the attacker-controlled file.

Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2
