FreeBSD: VID-7D53D8DA-D07A-11E9-8F1A-001999F8D30B (CVE-2019-15639): asterisk -- Remote Crash Vulnerability in audio transcoding

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-7D53D8DA-D07A-11E9-8F1A-001999F8D30B:

The Asterisk project reports:

When audio frames are given to the audio transcoding

support in Asterisk the number of samples are examined

and as part of this a message is output to indicate that

no samples are present. A change was done to suppress

this message for a particular scenario in which the message

was not relevant. This change assumed that information

about the origin of a frame will always exist when in

reality it may not.

This issue presented itself when an RTP packet containing

no audio (and thus no samples) was received. In a particular

transcoding scenario this audio frame would get turned

into a frame with no origin information. If this new frame

was then given to the audio transcoding support a crash

would occur as no samples and no origin information would

be present. The transcoding scenario requires the genericplc

option to be set to enabled (the default) and a transcoding

path from the source format into signed linear and then

from signed linear into another format.

Note that there may be other scenarios that have not

been found which can cause an audio frame with no origin

to be given to the audio transcoding support and thus

cause a crash.