Bugzilla – Bug 914439
VUL-0: CVE-2014-9638: vorbis-tools: Oggenc division by zero issue
Last modified: 2016-04-27 19:33:56 UTC
CVE-2014-9638 A crafted WAV file with number of channels set to 0 will cause oggenc to crash due to a division by zero issue at : Stopped reason: SIGFPE 0x0804d497 in wav_open (in=0x805c368, opt=0xbffff2ec, oldbuf=0x805c4d0 "RIFF\f\002", buflen=0xc) at audio.c:552 552 opt->total_samples_per_channel = len/(format.channels*samplesize); Tests were performed using vorbis-tools 1.4.0 References: https://trac.xiph.org/attachment/ticket/2137/crash_div_zero.wav (reproducer) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9638 http://seclists.org/oss-sec/2015/q1/220 http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9638.html
bugbot adjusting priority
The simple patch below fixes the crash. Also, it fixes CVE-2014-9639 (bnc#914441), too.
Created attachment 621897 [details] Fix patch
I sent the patch to upstream now. Will update the packages once when it's accepted (or at least rejected).
The patch didn't seem reaching to upstream, maybe filtered by ML server by some reason. In anway, I applied a similar fix Fedora took instead. The bug seems affecting SLE10, SLE11, SLE12, oS13.1, os13.2 and FACTORY. I submitted the fixed packages to all branches. Note that the fix patch is for both this bug (bnc#914439, CVE-2014-9638) and another one (bnc#914441, CVE-2014-9639) in a shot.
This is an autogenerated message for OBS integration: This bug (914439) was mentioned in https://build.opensuse.org/request/show/289678 13.2 / vorbis-tools https://build.opensuse.org/request/show/289679 13.1 / vorbis-tools
openSUSE-SU-2015:0522-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 914439,914441 CVE References: CVE-2014-9638,CVE-2014-9639 Sources used: openSUSE 13.2 (src): vorbis-tools-1.4.0-17.8.1 openSUSE 13.1 (src): vorbis-tools-1.4.0-14.16.1
SUSE-SU-2015:1014-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 914439,914441 CVE References: CVE-2014-9638,CVE-2014-9639 Sources used: SUSE Linux Enterprise Server 12 (src): vorbis-tools-1.4.0-23.1 SUSE Linux Enterprise Desktop 12 (src): vorbis-tools-1.4.0-23.1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-10-21. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62305
SUSE-SU-2015:1775-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 914439,914441,943795 CVE References: CVE-2014-9638,CVE-2014-9639,CVE-2015-6749 Sources used: SUSE Linux Enterprise Desktop 11-SP4 (src): vorbis-tools-1.1.1-174.1 SUSE Linux Enterprise Desktop 11-SP3 (src): vorbis-tools-1.1.1-174.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): vorbis-tools-1.1.1-174.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): vorbis-tools-1.1.1-174.1
fixed and released.