oss-sec mailing list archives

opusfile by Xiph.Org Foundation, DoS vulnerability (SIGFPE)


From: Alex Sarum <rum.274.4 () gmail com>
Date: Thu, 4 Apr 2024 15:14:58 +0400

Hi,

I was doing vulnerability research on a project that uses the library as a
dependency. During the research, I found a vulnerability that I have
already informed the vendor about. It's been a long time, but the vendor
hasn't passed the information on to Xiph.Org Foundation, so I decided to do
it myself. I created an issue[1], but still have not received a comment
about reproducibility or fixing the vulnerability.

A copy of the vulnerability details is below.

One of the possible paths of execution:

./opusfile/opusfile.c: op_open_file -> op_open_close_on_failure ->
op_open_callbacks -> op_open2 -> op_open_seekable2 ->
op_open_seekable2_impl -> op_bisect_forward_serialno ->
op_predict_link_start

SIGFPE:
https://github.com/xiph/opusfile/blob/9d718345ce03b2fad5d7d28e0bcd1cc69ab2b166/src/opusfile.c#L1089

Trigger: crash.zip[2]

[1]: https://github.com/xiph/opusfile/issues/48
[2]: https://github.com/xiph/opusfile/files/14397558/crash.zip
