Package: libsndfile1 Version: 1.0.20-1 Severity: normal Tags: security Hi,
I have discovered six different SIGFPE crashes with crafted input files in libsndfile. Triggering input files are attached. The crashes are: 1) in htk.c:198 (htk_read_header), divisor sample_period can be 0. 2) in alaw.c:72 (alaw_init), divisor psf->blockwidth can be 0. 3) in ulaw.c:62 (ulaw_init), divisor psf->blockwidth can be 0. 4) in pcm.c:274 (pcm_init), divisor psf->blockwidth can be 0. 5) in float32.c:244 (float32_init), divisor psf->blockwidth can be 0. 6) in sds.c:279 (sds_read_header), psds->bitwidth can be 0, resulting in divisor ((psds->bitwidth + 6) / 7) getting the value of 0. Run for example sndfile-info (from the sndfile-programs package) with one of these files as parameter to see the crash. I don't know what the security impact is, but since I assume libsndfile is used by lots of applications for data obtained from untrusted sources, I thought I'd tag this security. In any case it should be at most denial of service. Untag if you think it's not securitywise important. Sami -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.29.3 (SMP w/4 CPU cores; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libsndfile1 depends on: ii libc6 2.9-13 GNU C Library: Shared libraries ii libflac8 1.2.1-1.2 Free Lossless Audio Codec - runtim ii libogg0 1.1.3-5 Ogg Bitstream Library ii libvorbis0a 1.2.0.dfsg-4 The Vorbis General Audio Compressi ii libvorbisenc2 1.2.0.dfsg-4 The Vorbis General Audio Compressi libsndfile1 recommends no packages. libsndfile1 suggests no packages. -- no debconf information
1.data
Description: Binary data
2.data
Description: Binary data
3.data
Description: Binary data
4.data
Description: Binary data
5.data
Description: Binary data
6.data
Description: Binary data
signature.asc
Description: Digital signature