Package: bs1770gain
Version: 0.4.12-2
Severity: normal
Tags: security

divide by zero while running bs1770gain with "poc -o output" option

Running 'bs1770gain poc -o output' with the attached file raises a divide-by-zero exception, which may allow a remote attacker to cause a denial-of-service attack.

I expected the program to terminate without a segfault, but the program crashes as follows:

-------------------------------------------
june@yuweol:~/poc/bs1770gain/crash1$ bs1770gain poc output
analyzing ...
[1/1] "poc": Floating point exception
-------------------------------------------
Program received signal SIGFPE, Arithmetic exception.
0x00007ffff5858e6d in sox_flow_effects () from /usr/lib/x86_64-linux-gnu/libsox.so.2
(gdb) x/i $rip
=> 0x7ffff5858e6d <sox_flow_effects+2525>: div %rcx
(gdb) i r rcx
rcx 0x0 0
-------------------------------------------

This bug was found with a fuzzer developed by the 'SoftSec' group at KAIST.

-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-updates'), (500, 'testing'), (500, 'stable'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages bs1770gain depends on:
ii libavcodec57 7:3.3.4-2+b2
ii libavformat57 7:3.3.4-2+b2
ii libavutil55 7:3.3.4-2+b2
ii libc6 2.24-17
ii libsox2 14.4.1-5+b2
ii libswresample2 7:3.3.4-2+b2

bs1770gain recommends no packages.

bs1770gain suggests no packages.

-- no debconf information

poc
Description: audio/flac