Bug 1059912 - (CVE-2017-14245) VUL-0: CVE-2017-14245: libsndfile: out of bounds read in the function d2alaw_array() in alaw.c
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Takashi Iwai
Security Team bot
https://smash.suse.de/issue/192299/
CVSSv2:SUSE:CVE-2017-14245:5.0:(AV:N...
Reported: 2017-09-22 07:53 UTC by Alexander Bergmann
Modified: 2020-07-26 13:58 UTC (History)
Found By: Security Response Team
Attachments
QA Reproducer (1.00 KB, application/zip)
2017-09-22 07:58 UTC, Alexander Bergmann
Description Alexander Bergmann 2017-09-22 07:53:15 UTC
CVE-2017-14245

An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile
1.0.28 may lead to a remote DoS attack or information disclosure, related to
mishandling of the NAN and INFINITY floating-point values.

Upstream bug:
https://github.com/erikd/libsndfile/issues/317

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14245
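
The bug class named in the description above (a NaN or infinite sample reaching a table lookup), sketched as an added example; this is not libsndfile's code and not the SUSE or upstream fix. `table`, `TABLE_SIZE`, the scale factor and all function names are hypothetical.

```c
#include <math.h>
#include <stdio.h>

#define TABLE_SIZE 4096                    /* assumed size, for illustration */
static unsigned char table[TABLE_SIZE];    /* stand-in for an encoding lookup table */

/* Fill the stand-in table with a recognisable pattern (constructed data). */
void table_init(void)
{
    for (int i = 0; i < TABLE_SIZE; i++)
        table[i] = (unsigned char)(i >> 4);
}

/* Unsafe pattern, shown for contrast only: the scaled sample becomes an
 * index with no validation. Converting NaN, +/-Inf or an oversized value
 * to an integer is undefined in C, so the read can land outside table[]. */
unsigned char encode_unchecked(double sample, double normfact)
{
    double scaled = normfact * sample;
    return table[(long)(scaled < 0 ? -scaled : scaled)];
}

/* Hardened form: reject non-finite input, clamp while still in floating
 * point, and only then convert. Returns 0 on success, -1 for NaN/Inf. */
int encode_checked(double sample, double normfact, unsigned char *out)
{
    double scaled = normfact * sample;
    if (!isfinite(scaled))
        return -1;
    double mag = scaled < 0 ? -scaled : scaled;
    if (mag > TABLE_SIZE - 1)
        mag = TABLE_SIZE - 1;
    *out = table[(long)(mag + 0.5)];       /* round to nearest, now in range */
    return 0;
}

int main(void)
{
    const double samples[] = { 0.5, -1.0, 1e300, NAN, INFINITY, -INFINITY }; /* constructed */
    unsigned char code;
    table_init();
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (encode_checked(samples[i], 2047.0, &code) == 0)
            printf("%g -> 0x%02x\n", samples[i], (unsigned)code);
        else
            printf("%g -> rejected (non-finite)\n", samples[i]);
    }
    return 0;
}
```

The check is made on the scaled value rather than the raw sample, so a finite input that overflows to infinity after scaling is rejected as well.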
Comment 1 Alexander Bergmann 2017-09-22 07:58:16 UTC
Created attachment 741540
QA Reproducer

This zip file includes 4 reproducers. 

Working:
#> ./sndfile-convert -ulaw crash_max\=inf_2_nan out.vox
Segmentation fault (core dumped)
#> ./sndfile-convert -ulaw crash-get_inf_from_host_read_d out.vox
Segmentation fault (core dumped)
#> ./sndfile-convert -ulaw crash1-get-nan-from-host out.vox      
Segmentation fault (core dumped)

Not working:
#> ./sndfile-convert -ulaw crash3-0div0-nan out.vox

The sndfile tools are not distributed via SLE. The straightforward way to test this is to compile the srcpackage (rpmbuild -bc libsndfile.spec) directly on the test system. The binaries are then located in libsndfile-1.0.25/programs/.libs.
Comment 2 Takashi Iwai 2017-09-22 08:06:57 UTC
I'll be on vacation, so please reassign to someone else.
Comment 4 Takashi Iwai 2017-12-19 15:54:18 UTC
The tentative fix was backported to multimedia:libs (TW), SUSE:SLE-12:Update and SUSE:SLE-11-SP1:Update.

It's not merged to upstream yet, but papers over the issues at least.
Comment 6 Swamp Workflow Management 2018-02-02 17:09:18 UTC
SUSE-SU-2018:0351-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1038856,1059911,1059912,1059913,1069874
CVE References: CVE-2017-14245,CVE-2017-14246,CVE-2017-14634,CVE-2017-16942
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libsndfile-1.0.20-2.19.7.3
SUSE Linux Enterprise Server 11-SP4 (src):    libsndfile-1.0.20-2.19.7.3
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libsndfile-1.0.20-2.19.7.3
Comment 7 Swamp Workflow Management 2018-02-02 17:10:30 UTC
SUSE-SU-2018:0352-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1043978,1059911,1059912,1059913,1069874
CVE References: CVE-2017-14245,CVE-2017-14246,CVE-2017-14634,CVE-2017-16942,CVE-2017-6892
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libsndfile-1.0.25-36.7.2
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    libsndfile-1.0.25-36.7.2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    libsndfile-1.0.25-36.7.2
SUSE Linux Enterprise Server 12-SP3 (src):    libsndfile-1.0.25-36.7.2
SUSE Linux Enterprise Server 12-SP2 (src):    libsndfile-1.0.25-36.7.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    libsndfile-1.0.25-36.7.2
SUSE Linux Enterprise Desktop 12-SP2 (src):    libsndfile-1.0.25-36.7.2
Comment 8 Swamp Workflow Management 2018-02-07 23:07:32 UTC
openSUSE-SU-2018:0388-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1043978,1059911,1059912,1059913,1069874
CVE References: CVE-2017-14245,CVE-2017-14246,CVE-2017-14634,CVE-2017-16942,CVE-2017-6892
Sources used:
openSUSE Leap 42.3 (src):    libsndfile-1.0.25-31.1, libsndfile-progs-1.0.25-31.1
Comment 9 Marcus Meissner 2018-02-08 05:57:29 UTC
released
Comment 11 Swamp Workflow Management 2018-11-23 14:30:19 UTC
This is an autogenerated message for OBS integration:
This bug (1059912) was mentioned in
https://build.opensuse.org/request/show/651387 Factory / libsndfile