Bug 1610608 (CVE-2018-14522)

Summary: CVE-2018-14522 aubio: SEGV signal in pitch/pitch.c:aubio_pitch_set_unit()
Product: [Other] Security Response
Reporter: Sam Fowler <sfowler>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM
Severity: low
Priority: low
Version: unspecified
CC: brendan.jones.it, green, nphilipp
Keywords: Security
Hardware: All
OS: Linux
Last Closed: 2019-06-10 10:34:37 UTC
Bug Depends On: 1610611

Description Sam Fowler 2018-08-01 03:49:51 UTC
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.


Upstream Issue:

https://github.com/aubio/aubio/issues/188

Comment 1 Sam Fowler 2018-08-01 03:53:43 UTC
Reproduced SEGV with aubio-0.4.2-8.fc28.x86_64 though different stack trace:

# aubionotes testcase3 2>&1 | ./asan_symbolizer.py -d
AUBIO ERROR: source_sndfile: Failed opening testcase3: Internal error : SF_INFO struct incomplete.
AUBIO ERROR: onset: samplerate (-2147461598) can not be < 1
AUBIO ERROR: onset: samplerate (-2147461598) can not be < 1
AddressSanitizer:DEADLYSIGNAL
=================================================================
==66==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x000000415572 bp 0x7fff2938fb60 sp 0x7fff2938fb20 T0)
==66==The signal is caused by a READ memory access.
==66==Hint: address points to the zero page.
    #0 0x415571 in ?? /usr/src/debug/aubio-0.4.2-8.fc28.x86_64/build/../src/onset/onset.c:51
    #1 0x403598 in ?? /usr/src/debug/aubio-0.4.2-8.fc28.x86_64/build/../examples/aubionotes.c:52
    #2 0x404c1a in ?? /usr/src/debug/aubio-0.4.2-8.fc28.x86_64/build/../examples/utils.c:156
    #3 0x404690 in ?? /usr/src/debug/aubio-0.4.2-8.fc28.x86_64/build/../examples/aubionotes.c:152
    #4 0x7f2b987e724a in __libc_start_main (/lib64/libc.so.6+0x2324a)
    #4 0x4022f9 in ?? ??:0

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/usr/bin/aubionotes+0x415571)
==66==ABORTING
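
The trace above shows a READ at 0x18 right after the onset constructor rejected the samplerate, which is consistent with a NULL object pointer being dereferenced at a field offset. The C sketch below is an added example, not aubio's code and not part of the report: the `demo_*` names and the struct layout are constructed (the field is placed at offset 0x18 on purpose), and it assumes the constructor returned NULL after logging the error.

```c
/* Added illustration, NOT aubio source. All demo_* names and the layout are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed layout: 24 bytes of state put `threshold` at offset 0x18. */
typedef struct {
    uint64_t state[3];
    float    threshold;
    int32_t  samplerate;
} demo_onset_t;

/* Constructor modelled on the logged message: reject samplerate < 1, return NULL. */
demo_onset_t *new_demo_onset(int32_t samplerate) {
    if (samplerate < 1) {
        fprintf(stderr, "onset: samplerate (%d) can not be < 1\n", (int)samplerate);
        return NULL;
    }
    demo_onset_t *o = calloc(1, sizeof *o);
    if (o) o->samplerate = samplerate;
    return o;
}

/* Unchecked accessor: with o == NULL this reads address 0 + 0x18 and faults. */
float demo_onset_get_threshold_unchecked(const demo_onset_t *o) {
    return o->threshold;
}

/* Hardened setter: report failure instead of touching a NULL object. */
int demo_onset_set_threshold(demo_onset_t *o, float t) {
    if (o == NULL) return 1;            /* non-zero means failure */
    o->threshold = t;
    return 0;
}

/* Address a NULL-based access to `threshold` would hit. */
size_t demo_fault_address(void) { return offsetof(demo_onset_t, threshold); }

/* Caller-side fix: stop as soon as construction fails. */
int demo_setup(int32_t samplerate) {
    demo_onset_t *o = new_demo_onset(samplerate);
    if (o == NULL) return -1;           /* never pass NULL on to setters */
    int rc = demo_onset_set_threshold(o, 0.3f);
    free(o);
    return rc;
}

int main(void) {
    printf("NULL-based read would fault at %#zx\n", demo_fault_address());
    return demo_setup(-2147461598) == -1 ? 0 : 1;   /* samplerate from the log */
}
```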

Comment 2 Sam Fowler 2018-08-01 04:00:30 UTC
Created aubio tracking bugs for this issue:

Affects: fedora-all [bug 1610611]

Comment 3 Product Security DevOps Team 2019-06-10 10:34:37 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.