PT-2017-4325 · Secret Rabbit Code+3 · Libsamplerate+3

Published: 2016-11-14 · Updated: 2022-11-29 · CVE-2017-7697

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: libsamplerate versions prior to 0.1.9
Description: The issue is a buffer over-read in the `calc_output_single` function of the `src_sinc.c` component in the Secret Rabbit Code library (libsamplerate), which is used for audio sample rate conversion. The function can read beyond the bounds of its data buffer. A remote attacker can trigger this with a specially crafted audio file, potentially leading to a denial of service.
Recommendations: Update to version 0.1.9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `calc_output_single` function in the `src_sinc.c` component until a patch is available. Until the update is applied, avoid processing specially crafted audio files that could exploit this issue.

Fix

Weakness Enumeration: Out-of-bounds Read

Related Identifiers

ALT-PU-2016-2287
BDU:2023-07780
CVE-2017-7697
DLA-2845-1
MGASA-2017-0131
SUSE-SU-2017:1065-1
SUSE-SU-2017_1065-1
USN-5749-1

Affected Products

ALT Linux
SUSE
Ubuntu
Libsamplerate