Request for review of soundtouch (security)
gabor.karsay at gmx.at
Thu Nov 30 14:24:12 UTC 2017
soundtouch has 3 low urgency security issues. There is an upstream
commit that apparently fixes them, however without mentioning the
issues or any bug references in the commit.
The full disclosure of the CVEs provides 3 crafted wav files that can
be run with soundstretch, the main consumer of libsoundtouch. 1 of the
files causes an infinite loop (CVE-2017-9258), the others cause 2
different crashes (CVE-2017-9259, CVE-2017-9260).
I stripped not directly related changes, applied the patch in sid and
soundstretch returns for all 3 files with "Error: Excessive samplerate"
(no loop, no crash).
I tested it only in unstable. I guess it should be also applied to
wheezy, jessie, stretch, but I don't know how. Source and patch have
Windows-style CRLF so that patch doesn't complain about line endings.
More information about the pkg-multimedia-maintainers