CVE-2017-9129

Name of the Vulnerable Software and Affected Versions FAAC version 1.28

Description The issue allows remote attackers to cause a denial of service, resulting in a large loop, via a crafted wav file. This is due to a problem in the wav open read function in frontend/input.c.

Recommendations For FAAC version 1.28, consider avoiding the use of the wav open read function until a patch is available. As a temporary workaround, restrict the processing of wav files from untrusted sources to minimize the risk of exploitation.