
[ASA-201708-9] audiofile: multiple issues

2017-08-14 00:00:00, security.archlinux.org

EPSS: 0.013 (Low), percentile 85.7%

Arch Linux Security Advisory ASA-201708-9

Severity: High
Date : 2017-08-14
CVE-ID : CVE-2017-6827 CVE-2017-6828 CVE-2017-6829 CVE-2017-6830
CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834
CVE-2017-6835 CVE-2017-6836 CVE-2017-6837 CVE-2017-6838
CVE-2017-6839
Package : audiofile
Type : multiple issues
Remote : No
Link : https://security.archlinux.org/AVG-205

Summary

The package audiofile before version 0.3.6-4 is vulnerable to multiple
issues including arbitrary code execution, arbitrary command execution
and denial of service.

Resolution

Upgrade to 0.3.6-4.

pacman -Syu "audiofile>=0.3.6-4"

The problems have been fixed upstream but no release is available yet.
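
To confirm that a host carries the fixed package, a version check such as the following can be used. It is an added example, not part of the original advisory; the function names ver_ge and audiofile_status are hypothetical. It uses pacman's vercmp when available and otherwise assumes a purely numeric pkgver-pkgrel with no epoch.

```shell
#!/bin/sh
# Added example: report whether an audiofile version contains the fixes
# from ASA-201708-9 (fixed in 0.3.6-4, per the advisory).
FIXED="0.3.6-4"

# ver_ge A B: return 0 if A >= B, 1 if A < B, 2 if a field is not numeric.
# Prefers pacman's vercmp; the fallback compares fields split on '.' and '-'
# numerically (assumption: no epoch and no alphabetic components).
ver_ge() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -ge 0 ]; return
    fi
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%[.-]*}; y=${b%%[.-]*}            # leading field of each side
        [ "$x" = "$a" ] && a= || a=${a#*[.-]}   # drop it from the remainder
        [ "$y" = "$b" ] && b= || b=${b#*[.-]}
        case "$x$y" in *[!0-9]*) return 2 ;; esac
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# audiofile_status [VERSION]: check VERSION, or the installed package when
# no argument is given. Returns 0 fixed, 1 vulnerable, 2 not installed,
# 3 version could not be compared.
audiofile_status() {
    v=${1:-$(pacman -Q audiofile 2>/dev/null | awk '{print $2}')}
    [ -n "$v" ] || { echo "audiofile: not installed"; return 2; }
    rc=0; ver_ge "$v" "$FIXED" || rc=$?
    case $rc in
        0) echo "audiofile $v: includes the ASA-201708-9 fixes" ;;
        1) echo "audiofile $v: older than $FIXED, upgrade required"; return 1 ;;
        *) echo "audiofile $v: cannot compare with $FIXED"; return 3 ;;
    esac
}

# Query the local package database only where pacman exists.
if command -v pacman >/dev/null 2>&1; then audiofile_status || true; fi
```

Passing a version string as the first argument, for example one collected from a remote inventory, checks that version instead of the locally installed package.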

Workaround

None.

Description

  • CVE-2017-6827 (arbitrary code execution)

Heap-based buffer overflow in msadpcmInitializeCoefficients
(msadpcm.cpp) could lead to arbitrary code execution.

  • CVE-2017-6828 (arbitrary code execution)

Heap-based buffer overflow in readValue (filehandle.cpp) could lead to
arbitrary code execution.

  • CVE-2017-6829 (arbitrary code execution)

Global buffer overflow in decodesample (ima.cpp) that could lead to
arbitrary code execution.

  • CVE-2017-6830 (arbitrary code execution)

Heap-based buffer overflow in alaw2linear_buf that could lead to
arbitrary code execution.

  • CVE-2017-6831 (arbitrary code execution)

Heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp) that could
lead to arbitrary code execution.

  • CVE-2017-6832 (arbitrary code execution)

Heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp) that
could lead to arbitrary code execution.

  • CVE-2017-6833 (denial of service)

Divide-by-zero triggers a crash in BlockCodec::runPull
(BlockCodec.cpp).

  • CVE-2017-6834 (arbitrary code execution)

Heap-based buffer overflow in ulaw2linear_buf (G711.cpp).

  • CVE-2017-6835 (denial of service)

Divide-by-zero triggers a crash in BlockCodec::reset1 (BlockCodec.cpp).

  • CVE-2017-6836 (arbitrary command execution)

Heap-based buffer overflow in Expand3To4Module::run
(SimpleModule.h).

  • CVE-2017-6837 (denial of service)

Integer overflow triggering an assertion on the WAVE module using
sfconvert.

  • CVE-2017-6838 (denial of service)

Integer overflow with the sfconvert command.

  • CVE-2017-6839 (denial of service)

Integer overflow in sfconvert with the MSADPCM module.

Impact

An attacker can cause a denial of service, or execute arbitrary code or
commands on the affected host, via a crafted audio file.

References

https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp/
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp/
https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp/
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp/
https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/
https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp/
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/
https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
https://security.archlinux.org/CVE-2017-6827
https://security.archlinux.org/CVE-2017-6828
https://security.archlinux.org/CVE-2017-6829
https://security.archlinux.org/CVE-2017-6830
https://security.archlinux.org/CVE-2017-6831
https://security.archlinux.org/CVE-2017-6832
https://security.archlinux.org/CVE-2017-6833
https://security.archlinux.org/CVE-2017-6834
https://security.archlinux.org/CVE-2017-6835
https://security.archlinux.org/CVE-2017-6836
https://security.archlinux.org/CVE-2017-6837
https://security.archlinux.org/CVE-2017-6838
https://security.archlinux.org/CVE-2017-6839

OS         Version  Architecture  Package    Version    Filename
ArchLinux  any      any           audiofile  < 0.3.6-4  UNKNOWN
