A division by zero occurs in aiff.c in aiff_rewrite_header. headIndex is initialized to zero and if all the conditions for modifying it fail, it will be used in division in psf_fwrite, resulting in crash. Upstream patch: https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6#diff-4b3e9c7e86f66ff8285771969745e133 CVE assignment: http://seclists.org/oss-sec/2015/q4/218
Created libsndfile tracking bugs for this issue: Affects: fedora-all [bug 1277942] Affects: epel-5 [bug 1277943]
*** This bug has been marked as a duplicate of bug 1177254 ***