* [Security]FPE in alsa-utils axfer `wave_parser_pre_process [not found] <18bf60dd6688f500-webhooks-bot@alsa-project.org> @ 2026-07-05 11:21 ` GitHub issues - opened 0 siblings, 0 replies; only message in thread From: GitHub issues - opened @ 2026-07-05 11:21 UTC (permalink / raw) To: alsa-devel alsa-project/alsa-utils issue #332 was opened from eglonnnn: ### Description A floating point exception vulnerability in alsa-utils v1.2.15.2. When `axfer`'s WAVE container parser processes a crafted WAVE file missing the `fmt` chunk, `samples_per_frame` and `frames_per_second` remain zero, causing a division-by-zero in `wave_parser_pre_process()`. ### Impact - Denial-of-service via process crash - Any user processing untrusted WAVE files with axfer is affected ### Reproduction All materials are available in my research repository: https://github.com/eglonnnn/opensource-fuzz-vulnerability-research/tree/main/FPE%20in%20alsa-utils%20axfer%20wave_parser_pre_process Issue URL : https://github.com/alsa-project/alsa-utils/issues/332 Repository URL: https://github.com/alsa-project/alsa-utils ^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-07-05 11:22 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <18bf60dd6688f500-webhooks-bot@alsa-project.org>
2026-07-05 11:21 ` [Security]FPE in alsa-utils axfer `wave_parser_pre_process GitHub issues - opened
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.