[ASA-201708-9] audiofile: multiple issues

2017-08-14T00:00:00
ID ASA-201708-9
Type archlinux
Reporter ArchLinux
Modified 2017-08-14T00:00:00

Description

Arch Linux Security Advisory ASA-201708-9

Severity: High
Date    : 2017-08-14
CVE-ID  : CVE-2017-6827 CVE-2017-6828 CVE-2017-6829 CVE-2017-6830 CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834 CVE-2017-6835 CVE-2017-6836 CVE-2017-6837 CVE-2017-6838 CVE-2017-6839
Package : audiofile
Type    : multiple issues
Remote  : No
Link    : https://security.archlinux.org/AVG-205

Summary

The package audiofile before version 0.3.6-4 is vulnerable to multiple issues including arbitrary code execution, arbitrary command execution and denial of service.

Resolution

Upgrade to 0.3.6-4.

pacman -Syu "audiofile>=0.3.6-4"

The problems have been fixed upstream but no release is available yet.

Workaround

None.

Description

  • CVE-2017-6827 (arbitrary code execution)

Heap-based buffer overflow in msadpcmInitializeCoefficients (msadpcm.cpp) could lead to arbitrary code execution.

  • CVE-2017-6828 (arbitrary code execution)

Heap-based buffer overflow in readValue (filehandle.cpp) could lead to arbitrary code execution.

  • CVE-2017-6829 (arbitrary code execution)

Global buffer overflow in decodesample (ima.cpp) that could lead to arbitrary code execution.

  • CVE-2017-6830 (arbitrary code execution)

Heap-based buffer overflow in alaw2linear_buf that could lead to arbitrary code execution.

  • CVE-2017-6831 (arbitrary code execution)

Heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp) that could lead to arbitrary code execution.

  • CVE-2017-6832 (arbitrary code execution)

Heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp) that could lead to arbitrary code execution.

  • CVE-2017-6833 (denial of service)

Divide-by-zero triggers a crash in BlockCodec::runPull (BlockCodec.cpp).

  • CVE-2017-6834 (arbitrary code execution)

Heap-based buffer overflow in ulaw2linear_buf (G711.cpp).

  • CVE-2017-6835 (denial of service)

Divide-by-zero triggers a crash in BlockCodec::reset1 (BlockCodec.cpp).

  • CVE-2017-6836 (arbitrary command execution)

Heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h).

  • CVE-2017-6837 (denial of service)

Integer overflow triggering an assertion on the WAVE module using sfconvert.

  • CVE-2017-6838 (denial of service)

Integer overflow with the sfconvert command.

  • CVE-2017-6839 (denial of service)

Integer overflow in sfconvert with the MSADPCM module.

Impact

An attacker can cause a denial of service, or execute arbitrary code or commands on the affected host, via a crafted audio file.

References

https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp/
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp/
https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp/
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp/
https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/
https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp/
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/
https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
https://security.archlinux.org/CVE-2017-6827
https://security.archlinux.org/CVE-2017-6828
https://security.archlinux.org/CVE-2017-6829
https://security.archlinux.org/CVE-2017-6830
https://security.archlinux.org/CVE-2017-6831
https://security.archlinux.org/CVE-2017-6832
https://security.archlinux.org/CVE-2017-6833
https://security.archlinux.org/CVE-2017-6834
https://security.archlinux.org/CVE-2017-6835
https://security.archlinux.org/CVE-2017-6836
https://security.archlinux.org/CVE-2017-6837
https://security.archlinux.org/CVE-2017-6838
https://security.archlinux.org/CVE-2017-6839