VYPR
Moderate severity · NVD Advisory · Published Sep 30, 2022 · Updated May 20, 2025

CVE-2022-40923

Description

A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DoS) through a segmentation fault via a crafted MachO file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A segmentation fault in LIEF v0.12.1's MachO parser via a crafted file enables denial of service.

Root Cause

The vulnerability resides in the LIEF::MachO::SegmentCommand::virtual_address() function of the LIEF library, version 0.12.1. It is triggered when parsing a specially crafted Mach-O binary file, leading to a segmentation fault (SEGV) due to an invalid memory access (read at address 0x58) [1][3]. AddressSanitizer output confirms the crash occurs in SegmentCommand.cpp:137 during the parsing of dyld info binds in BinaryParser.tcc:1631 [3].

Attack Vector

An attacker can cause a denial of service (DoS) by providing a malicious Mach-O file to any application that relies on LIEF to parse Mach-O files. No authentication or special privileges are required; the victim application simply needs to parse the crafted file, which can be delivered via email, web upload, or any other file exchange mechanism [3][4]. LIEF is commonly used as a library in security tools (e.g., disassemblers, binary instrumentation frameworks), making this a potential supply-chain risk.

Impact

Successful exploitation results in a segmentation fault, causing the application to crash. This constitutes a denial of service (DoS) condition, disrupting availability [4]. There is no evidence of code execution or memory corruption beyond the illustrated read access violation.

Mitigation

The issue has been patched in the LIEF repository commit 24935f654f6df700a9a062298258b9485f584502 [1]. Users should update to a version containing this fix. As LIEF is an open-source library, downstream projects must adopt the patched version to close the vulnerability [2].

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
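
An added example (not code from LIEF or from this advisory): an application that must parse untrusted Mach-O files can run the parse in a child process, so a parser segfault like the one described above ends the child instead of the application, and can compare its installed version with the affected range listed on this page. The names `parse_isolated`, `is_affected` and `LIEF_CHILD` are hypothetical, and version strings are assumed to be plain `X.Y.Z`.

```python
import signal
import subprocess
import sys

# Child program: parse one file with LIEF; exit 0 if parsed, 2 if LIEF
# returned None (file not recognised). Runs in a separate interpreter.
LIEF_CHILD = (
    "import sys, lief\n"
    "sys.exit(0 if lief.parse(sys.argv[1]) is not None else 2)\n"
)

LAST_AFFECTED = (0, 12, 1)  # from the advisory table: lief <= 0.12.1


def is_affected(version: str) -> bool:
    """True if a plain X.Y.Z version (assumption) is in the affected range."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return parts <= LAST_AFFECTED


def parse_isolated(path, child_code=LIEF_CHILD, timeout=30):
    """Run the parser in a child process and classify how it ended."""
    try:
        proc = subprocess.run(
            [sys.executable, "-c", child_code, path],
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return "timeout"
    if proc.returncode < 0:
        # POSIX: a negative return code means the child died from a signal,
        # e.g. -11 for the SIGSEGV this advisory describes.
        return "crashed:" + signal.Signals(-proc.returncode).name
    if proc.returncode == 0:
        return "parsed"
    return "rejected" if proc.returncode == 2 else "error"


if __name__ == "__main__":
    # Constructed stand-in for a crashing parser: the child signals itself.
    crash = "import os, signal; os.kill(os.getpid(), signal.SIGSEGV)"
    print(parse_isolated("sample.macho", child_code=crash))
    print(is_affected("0.12.1"), is_affected("0.13.0"))
```

A `crashed:SIGSEGV` result for a file is also a useful signal to log and quarantine that input rather than retry it.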

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
lief (PyPI) | <= 0.12.1 |

Affected products

2

Patches

0

No patches discovered yet.

References

5
