Headline
CVE-2023-49994: Floating Point Exception exists in the function PeaksToHarmspect in wavegen.c · Issue #1823 · espeak-ng/espeak-ng
Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.
System info
Ubuntu x86_64, clang 12.0
version: espeak-ng(1.52-dev)
Command line
./espeak-ng -f poc -w /dev/null
Poc
poc:poc
AddressSanitizer output
==4069818==ERROR: AddressSanitizer: FPE on unknown address 0x0000005aeced (pc 0x0000005aeced bp 0x000000fe792a sp 0x7fff82149c60 T0)
#0 0x5aeced in PeaksToHarmspect /src/espeak-ng/src/libespeak-ng/wavegen.c:456:87
#1 0x5b3639 in Wavegen /src/espeak-ng/src/libespeak-ng/wavegen.c:723:13
#2 0x5b3639 in WavegenFill2 /src/espeak-ng/src/libespeak-ng/wavegen.c:1331:13
#3 0x5b3639 in WavegenFill /src/espeak-ng/src/libespeak-ng/wavegen.c:1420:13
#4 0x54317c in Synthesize /src/espeak-ng/src/libespeak-ng/speech.c:461:3
#5 0x544552 in sync_espeak_Synth /src/espeak-ng/src/libespeak-ng/speech.c:571:29
#6 0x544552 in espeak_ng_Synthesize /src/espeak-ng/src/libespeak-ng/speech.c:669:10
#7 0x51fa9e in espeak_Synth /src/espeak-ng/src/libespeak-ng/espeak_api.c:90:32
#8 0x4cde94 in main /src/espeak-ng/src/espeak-ng.c:779:3
#9 0x7fd834ba0082 in __libc_start_main /build/glibc-BHL3KM/glibc-2.31/csu/…/csu/libc-start.c:308:16
#10 0x41d64d in _start (/src/espeak-ng/src/espeak-ng+0x41d64d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE /src/espeak-ng/src/libespeak-ng/wavegen.c:456:87 in PeaksToHarmspect
==4069818==ABORTING
Related news
Ubuntu Security Notice 6858-1 - It was discovered that eSpeak NG did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.