PT-2017-17834 · Fraunhofer IIS · HE-AAC+ Codec
Agostino Sarubbo · Published 2017-04-09 · Updated 2022-12-09 · CVE-2017-7603
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
HE-AAC+ Codec (aka libaacplus) version 2.0.2
Description
The issue is a signed integer overflow in the au_channel.h file, which could allow remote attackers to cause a denial of service (application crash) or possibly have other unspecified impact via a crafted audio file.
Recommendations
For HE-AAC+ Codec (aka libaacplus) version 2.0.2, consider updating to a newer version that addresses the signed integer overflow in the au_channel.h file. As a temporary workaround, restrict the processing of crafted audio files to minimize the risk of exploitation.
Exploit
Fix
Integer Overflow
Affected Products
HE-AAC+ Codec