This bug was fixed in the package libsndfile - 1.0.31-1ubuntu1

---------------
libsndfile (1.0.31-1ubuntu1) hirsute; urgency=medium

  * debian/rules: forcefully enable tests (they are disabled by default on
    riscv64 in Ubuntu) because libsndfile1-dev wants to install test binaries
    (LP: #1917650)

 -- Olivier Tilloy <olivier.til...@canonical.com>  Wed, 03 Mar 2021 17:53:18 +0100

** Changed in: libsndfile (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libsndfile in Ubuntu.
https://bugs.launchpad.net/bugs/1036831

Title:
  SIGFPE crash with crafted PAF file

Status in libsndfile package in Ubuntu:
  Fix Released

Bug description:
  When opening a crafted PAF file with channels=0 in the header, I
  receive a floating point exception error from libsndfile.  I have
  verified this is different than any of the reported SIGFPEs in
  CVE-2009-4835, as they don't work on v21 or v25.  This has been tested
  on two systems with four versions of libsndfile:

  Ubuntu 10.04.4:
    *libsndfile-1.0.20 from CVE-2009-4835 reports
    *libsndfile-1.0.21-2 from /usr/lib via the 10.04 repository
    *libsndfile-1.0.25 compiled on the machine from the author's source page

  Ubuntu 12.04
    *libsndfile-1.0.25-4 from /usr/lib/x86_64-linux-gnu via the 12.04 repository
    *libsndfile-1.0.25 compiled on the machine from the author's source page

  On 10.04.4 I used the test programs "lt-sndfile-info",
  "lt-sndfile-to-text", and "Audacity 1.3.12-beta".  On 12.04 I just used
  "lt-sndfile-to-text".  An example:

  ------------
  $ ./lt-sndfile-info a.paf

  Version : libsndfile-1.0.25

  Floating point exception
  ------------

  I have attached a tar file with the crafted audio file, a.paf.  It
  also includes another, b.paf, where the only change is channels=1 to
  demonstrate different behavior.

  Though this isn't a serious problem (libsndfile isn't a service), I've
  tagged it as a security vulnerability since I presume it's going to be
  a CWE-369 (I haven't looked at the source myself).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libsndfile/+bug/1036831/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
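
The report above presumes a divide-by-zero (CWE-369) reached through channels=0 in a file header. The following is an added example, not part of the original report and not libsndfile's code: it shows that failure class and the header check that prevents it. The 12-byte header layout, field names, limits and sample bytes are assumptions made for illustration and are not the real PAF format.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed layout (NOT real PAF): three big-endian 32-bit fields. */
typedef struct { uint32_t samplerate, channels, bytewidth; } hdr_t;
enum { HDR_OK = 0, HDR_SHORT = -1, HDR_BAD_CHANNELS = -2, HDR_BAD_WIDTH = -3 };
#define MAX_CHANNELS 1024u /* assumed sanity limit */

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Parse untrusted header bytes and reject values that later act as divisors. */
int parse_header(const unsigned char *buf, size_t len, hdr_t *out) {
    if (len < 12) return HDR_SHORT;
    out->samplerate = be32(buf);
    out->channels   = be32(buf + 4);
    out->bytewidth  = be32(buf + 8);
    if (out->channels == 0 || out->channels > MAX_CHANNELS)
        return HDR_BAD_CHANNELS;   /* channels=0 would give blockwidth 0 */
    if (out->bytewidth == 0 || out->bytewidth > 8)
        return HDR_BAD_WIDTH;
    return HDR_OK;
}

/* frames = data bytes / (channels * bytewidth); -1 if the header is invalid.
   Without the checks above, a zero channel count makes this an integer
   division by zero, which on Linux/x86 is delivered as SIGFPE. */
int64_t frame_count(const unsigned char *buf, size_t len, uint64_t data_bytes) {
    hdr_t h;
    if (parse_header(buf, len, &h) != HDR_OK) return -1;
    uint64_t blockwidth = (uint64_t)h.channels * h.bytewidth; /* 1..8192 */
    return (int64_t)(data_bytes / blockwidth);
}

/* Constructed sample headers: 44100 Hz, 2 bytes per sample, 0 vs 1 channel. */
static const unsigned char HDR_ZERO_CH[12] = {0,0,0xAC,0x44, 0,0,0,0, 0,0,0,2};
static const unsigned char HDR_ONE_CH[12]  = {0,0,0xAC,0x44, 0,0,0,1, 0,0,0,2};

int main(void) {
    printf("channels=0: %lld\n", (long long)frame_count(HDR_ZERO_CH, 12, 4096));
    printf("channels=1: %lld\n", (long long)frame_count(HDR_ONE_CH, 12, 4096));
    return 0;
}
```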
