All of lore.kernel.org
 help / color / mirror / Atom feed
* [Security]FPE in alsa-utils axfer `wave_parser_pre_process
       [not found] <18bf60dd6688f500-webhooks-bot@alsa-project.org>
@ 2026-07-05 11:21 ` GitHub issues - opened
  0 siblings, 0 replies; only message in thread
From: GitHub issues - opened @ 2026-07-05 11:21 UTC (permalink / raw)
  To: alsa-devel

alsa-project/alsa-utils issue #332 was opened from eglonnnn:

### Description

A floating point exception vulnerability in alsa-utils v1.2.15.2. When `axfer`'s WAVE container parser processes a crafted WAVE file missing the `fmt` chunk, `samples_per_frame` and `frames_per_second` remain zero, causing a division-by-zero in `wave_parser_pre_process()`.

### Impact

- Denial-of-service via process crash
- Any user processing untrusted WAVE files with axfer is affected

### Reproduction

All materials are available in my research repository:
https://github.com/eglonnnn/opensource-fuzz-vulnerability-research/tree/main/FPE%20in%20alsa-utils%20axfer%20wave_parser_pre_process

Issue URL     : https://github.com/alsa-project/alsa-utils/issues/332
Repository URL: https://github.com/alsa-project/alsa-utils

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2026-07-05 11:22 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <18bf60dd6688f500-webhooks-bot@alsa-project.org>
2026-07-05 11:21 ` [Security]FPE in alsa-utils axfer `wave_parser_pre_process GitHub issues - opened

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.