SIGFPE crash with crafted PAF file
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libsndfile (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
When opening a crafted PAF file with channels=0 in the header, I receive a floating point exception error from libsndfile. I have verified this is different than any of the reported SIGFPEs in CVE-2009-4835, as they don't work on v21 or v25. This has been tested on two systems with four versions of libsndfile:
Ubuntu 10.04.4:
*libsndfile-
*libsndfile-
*libsndfile-
Ubuntu 12.04
*libsndfile-
*libsndfile-
On 10.04.4 I used the test programs "lt-sndfile-info", "lt-sndfile-
------------
$ ./lt-sndfile-info a.paf
Version : libsndfile-1.0.25
Floating point exception
------------
I have attached a tar file with the crafted audio file, a.paf. It also includes another, b.paf, where the only change is channels=1 to demonstrate different behavior.
Though this isn't a serious problem (libsndfile isn't a service), I've tagged it as a security vulnerability since I presume it's going to be a CWE_369 (I haven't looked at the source myself).
description: | updated |
This also affects libsndfile on Windows, as it's bundled with programs like the Windows version of Audacity. I didn't feel that was appropriate for the main text in an Ubuntu bug report though.