PT-2017-18288 · Eric Youngdale+3 · Libsndfile+3

Agostino Sarubbo

·

Published

2017-04-30

·

Updated

2024-06-15

·

CVE-2017-8361

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions libsndfile version 1.0.28
Description The issue allows remote attackers to cause a denial of service, resulting in a buffer overflow and application crash, or possibly have other unspecified impacts via a crafted audio file. This is due to a problem in the flac buffer copy function in flac.c.
Recommendations For libsndfile version 1.0.28, consider avoiding the use of crafted audio files until a patch is available. As a temporary workaround, restrict the processing of audio files from untrusted sources to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2020-3449
ALT-PU-2020-3469
ALT-PU-2021-2149
CVE-2017-8361
DLA-1618-1
DLA-956-1
MGASA-2017-0168
OPENSUSE-SU-2024:10992-1
SUSE-SU-2017:1236-1
SUSE-SU-2017:1367-1
USN-3306-1

Affected Products

Alt Linux
Suse
Ubuntu
Libsndfile