CVE-2017-6837

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Audio File Library (aka audiofile) version 0.3.6

Description The issue allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients. This is related to the WAVE.cpp file in the Audio File Library.

Recommendations For Audio File Library (aka audiofile) version 0.3.6, consider restricting access to the WAVE.cpp file or limiting the number of coefficients that can be processed to prevent a denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

AZL-36929

AZL-7180

CVE-2017-6837

DLA-867-1

DSA-3814-1

MGASA-2017-0129

OPENSUSE-SU-2024:10640-1

ROSA-SA-2025-2636

SUSE-SU-2017:0940-1

SUSE-SU-2017:1182-1

USN-3241-1

Affected Products

Audio File Library

Suse

Ubuntu

CVE-2017-6837

Weakness Enumeration

Related Identifiers

Affected Products

References · 67