Request for review of soundtouch (security)
Gabor Karsay
gabor.karsay at gmx.at
Thu Nov 30 14:24:12 UTC 2017
Hi,

soundtouch has 3 low urgency security issues[0]. There is an upstream
commit[1] that apparently fixes them, however without mentioning the
issues or any bug references in the commit.

The full disclosure[2] of the CVEs provides 3 crafted wav files that can
be run with soundstretch, the main consumer of libsoundtouch. 1 of the
files causes an infinite loop (CVE-2017-9258), the others cause 2
different crashes (CVE-2017-9259, CVE-2017-9260).

I stripped not directly related changes, applied the patch in sid and
soundstretch returns for all 3 files with "Error: Excessive samplerate"
(no loop, no crash).

I tested it only in unstable. I guess it should be also applied to
wheezy, jessie, stretch, but I don't know how. Source and patch have
Windows-style CRLF so that patch doesn't complain about line endings.

Regards,
Gabor

[0] https://security-tracker.debian.org/tracker/source-package/soundtouch
[1] https://sourceforge.net/p/soundtouch/code/256/
[2] http://seclists.org/fulldisclosure/2017/Jul/62