CVE-2020-36149
Description
A NULL pointer dereference in libmysofa's changeAttribute function allows denial of service via crafted file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The changeAttribute function in tools.c of the libmysofa library (versions 0.5 through 1.1, and master as of 2020-08-26) incorrectly handles input data, leading to a NULL pointer dereference on the attr->value variable. The vulnerability is triggered when a maliciously crafted HRTF (Head-Related Transfer Function) file is opened with mysofa_open or related API calls [1].
Exploitation
An attacker needs only to supply a specially crafted HRTF file to an application using libmysofa. No authentication or special network position is required beyond delivering the file to the parsing code (e.g., via a web upload or file share). The crash reproduces reliably when the file is processed by mysofa_open, which calls mysofa_open_default, then mysofa_tocartesian, and ultimately the vulnerable changeAttribute at line 37 of tools.c [1]. The segmentation fault occurs due to the NULL pointer dereference in strcmp called on attr->value.
Impact
Successful exploitation results in a NULL pointer dereference, causing a segmentation fault and denial of service (application crash). In environments with restrictive memory protection (e.g., standard Linux user-space), the process terminates with SIGSEGV. In embedded or memory-constrained systems where memory protections are absent, this may also lead to near-NULL pointer overwrites that could potentially be leveraged further, though the primary impact is denial of service [1].
Mitigation
The libmysofa project has not released a public fix as of the CVE publication date (2021-02-08). Users should avoid processing untrusted HRTF files with affected versions (0.5 to 1.1) and monitor the project's issue tracker for a patch. The vulnerability is not known to be listed in CISA's KEV. No official workaround is documented beyond input validation at the application level [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- libmysofa/libmysofa (source: description)
- osv-coords, 2 versions: pkg:rpm/opensuse/libmysofa&distro=openSUSE%20Leap%2015.2, pkg:rpm/suse/libmysofa&distro=SUSE%20Package%20Hub%2015%20SP2; range: < 0.9.1-lp152.3.3.1 (+ 1 more)
- (no CPE) range: < 0.9.1-lp152.3.3.1
- (no CPE) range: < 0.9.1-bp152.4.3.1
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing NULL pointer check on `attr->value` in `changeAttribute` allows a crafted SOFA file to cause a NULL pointer dereference."
Attack vector
An attacker supplies a maliciously crafted SOFA file to an application that calls `mysofa_open`. The file triggers a NULL pointer dereference in `changeAttribute` (tools.c:37) when the `attr->value` pointer is NULL, causing a segmentation fault. No authentication or special network access is required — the attack vector is purely file-based (local or remote file upload). [1]
Affected code
The vulnerability resides in the `changeAttribute` function in `tools.c` (line 37) and is reachable via `convertArray2` in `spherical.c` (line 27), `mysofa_tocartesian`, and ultimately `mysofa_open` / `mysofa_open_default` in `easy.c`. The entire libmysofa library versions 0.5 through 1.1 are affected.
What the fix does
The advisory does not include a published patch. The recommended remediation is to add a NULL check on `attr->value` before calling `strcmp` in `changeAttribute` (tools.c:37). Without such a check, any SOFA file that omits or sets a NULL attribute value will crash the process.
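The NULL check described above, sketched as an added example; it is not libmysofa's code and not a project patch. `struct attr_node`, `dup_str`, `demo_null_value` and both function names are hypothetical stand-ins, and the unchecked variant only illustrates the pattern this page describes next to a hardened form.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical attribute node; a stand-in, not libmysofa's own type. */
struct attr_node {
    struct attr_node *next;
    char *name;
    char *value; /* NULL when the parsed file supplied no value */
};

static char *dup_str(const char *s) { /* malloc-backed copy, NULL on failure */
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

/* Unchecked pattern: strcmp() reads attr->value even when it is NULL. */
int change_attr_unchecked(struct attr_node *attr, const char *name,
                          const char *value, const char *newvalue) {
    for (; attr; attr = attr->next)
        if (!strcmp(name, attr->name) && (!value || !strcmp(value, attr->value))) {
            free(attr->value);
            attr->value = dup_str(newvalue);
            return 1;
        }
    return 0;
}

/* Hardened form: a NULL name or value never reaches strcmp(). */
int change_attr_checked(struct attr_node *attr, const char *name,
                        const char *value, const char *newvalue) {
    if (!name || !newvalue) return 0;
    for (; attr; attr = attr->next) {
        if (!attr->name || strcmp(name, attr->name) != 0) continue;
        if (value && (!attr->value || strcmp(value, attr->value) != 0)) continue;
        char *copy = dup_str(newvalue);
        if (!copy) return 0; /* allocation failed: keep the old value */
        free(attr->value);
        attr->value = copy;
        return 1;
    }
    return 0;
}

/* Constructed input: the node's value is NULL, as a crafted file would leave it. */
int demo_null_value(void) {
    struct attr_node n = {NULL, "Type", NULL};
    return change_attr_checked(&n, "Type", "spherical", "cartesian"); /* 0, no crash */
}
```

Passing the same constructed node to `change_attr_unchecked` would hand a NULL pointer to `strcmp`, which is the crash condition this page describes.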
Preconditions
- input: The attacker must be able to supply a malformed SOFA file to the application (e.g., via file upload or direct file open).
- config: The application must call `mysofa_open` (or `mysofa_open_default`) on the attacker-controlled file.
Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQLNZOVVONQSZZJHQVZT6NMOUUDMGBBR/ (mitre, vendor-advisory, x_refsource_FEDORA)
- github.com/hoene/libmysofa/issues/137 (mitre, x_refsource_MISC)