CVE-2021-39546

7.8 HIGH

📋 TL;DR

CVE-2021-39546 is a heap-based buffer overflow vulnerability in the sela audio library's RiceDecoder::process() function. Attackers can exploit this to execute arbitrary code or cause denial of service by providing specially crafted audio files. Users and applications that process audio files using sela versions through 20200412 are affected.

💻 Affected Systems

Products:
  • sela audio library
Versions: All versions through 20200412
Operating Systems: All platforms where sela is compiled and used
Default Config Vulnerable: ⚠️ Yes
Notes: Any application that uses the sela library to decode audio files is vulnerable when processing untrusted input.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Application crash causing denial of service, potentially leading to data corruption in audio processing applications.

🟢 If Mitigated

Application crash contained within sandboxed environment with minimal impact.

🌐 Internet-Facing: MEDIUM - Requires processing of malicious audio files, which could be uploaded to web services or downloaded by applications.
🏢 Internal Only: LOW - Typically requires user interaction to process malicious files, though automated systems could be vulnerable.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Proof of concept exists in GitHub issue #29. Exploitation requires crafting malicious audio files that trigger the buffer overflow.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 20200412

Vendor Advisory: https://github.com/sahaRatul/sela/issues/29

Restart Required: Yes

Instructions:

1. Update the sela library to a version after 20200412.
2. Recompile any applications using sela.
3. Restart affected services.

🔧 Temporary Workarounds

Input validation and sanitization
Platform: all

Implement strict validation of audio files before processing them with the sela library

Sandbox audio processing
Platform: all

Run sela-based audio processing in isolated containers or sandboxes

🧯 If You Can't Patch

  • Implement network segmentation to isolate systems using sela
  • Deploy application allowlisting to prevent execution of unknown audio processing tools

🔍 How to Verify

Check if Vulnerable:

Check whether the sela library version is 20200412 or earlier: run ldd /path/to/application | grep sela to see whether the application links against sela, then check the version in the headers

Check Version:

strings /usr/lib/libsela.so | grep -i version || pkg-config --modversion sela

Verify Fix Applied:

Verify sela library version is newer than 20200412 and test with known malicious audio samples

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults in sela-related processes
  • Unusual memory allocation patterns in audio processing applications

Network Indicators:

  • Large or malformed audio file uploads to web services
  • Unexpected network connections from audio processing services

SIEM Query:

process_name:sela AND (event_type:crash OR memory_usage:>threshold)
