logo
DATABASE RESOURCES PRICING ABOUT US

[SECURITY] [DLA 1618-1] libsndfile security update

Description

Package : libsndfile Version : 1.0.25-9.1+deb8u2 CVE ID : CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-17456 CVE-2017-17457 CVE-2018-13139 CVE-2018-19432 CVE-2018-19661 CVE-2018-19662 Multiple vulnerabilities have been found in libsndfile, the library for reading and writing files containing sampled sound. CVE-2017-8361 The flac_buffer_copy function (flac.c) is affected by a buffer overflow. This vulnerability might be leveraged by remote attackers to cause a denial of service, or possibly have unspecified other impact via a crafted audio file. CVE-2017-8362 The flac_buffer_copy function (flac.c) is affected by an out-of-bounds read vulnerability. This flaw might be leveraged by remote attackers to cause a denial of service via a crafted audio file. CVE-2017-8363 The flac_buffer_copy function (flac.c) is affected by a heap based OOB read vulnerability. This flaw might be leveraged by remote attackers to cause a denial of service via a crafted audio file. CVE-2017-8365 The i2les_array function (pcm.c) is affected by a global buffer overflow. This vulnerability might be leveraged by remote attackers to cause a denial of service, or possibly have unspecified other impact via a crafted audio file. CVE-2017-14245 CVE-2017-14246 CVE-2017-17456 CVE-2017-17457 The d2alaw_array() and d2ulaw_array() functions (src/ulaw.c and src/alaw.c) are affected by an out-of-bounds read vulnerability. This flaw might be leveraged by remote attackers to cause denial of service or information disclosure via a crafted audio file. CVE-2017-14634 The double64_init() function (double64.c) is affected by a divide-by-zero error. This vulnerability might be leveraged by remote attackers to cause denial of service via a crafted audio file. CVE-2018-13139 The psf_memset function (common.c) is affected by a stack-based buffer overflow. This vulnerability might be leveraged by remote attackers to cause a denial of service, or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave. CVE-2018-19432 The sf_write_int function (src/sndfile.c) is affected by an out-of-bounds read vulnerability. This flaw might be leveraged by remote attackers to cause a denial of service via a crafted audio file. CVE-2018-19661 CVE-2018-19662 The i2alaw_array() and i2ulaw_array() functions (src/ulaw.c and src/alaw.c) are affected by an out-of-bounds read vulnerability. This flaw might be leveraged by remote attackers to cause denial of service or information disclosure via a crafted audio file. For Debian 8 "Jessie", these problems have been fixed in version 1.0.25-9.1+deb8u2. We recommend that you upgrade your libsndfile packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS


Affected Package


OS OS Version Package Name Package Version
Debian 9 sndfile-programs 1.0.27-3+deb9u1
Debian 8 libsndfile1-dev 1.0.25-9.1+deb8u2
Debian 8 libsndfile1 1.0.25-9.1+deb8u2
Debian 7 libsndfile1 1.0.25-9.1+deb7u2
Debian 7 libsndfile1-dev 1.0.25-9.1+deb7u2
Debian 7 libsndfile1-dev 1.0.25-9.1+deb7u2
Debian 9 libsndfile1-dbg 1.0.27-3+deb9u1
Debian 9 libsndfile1-dev 1.0.27-3+deb9u1
Debian 9 libsndfile1-dev 1.0.27-3+deb9u1
Debian 7 libsndfile1 1.0.25-9.1+deb7u2
Debian 7 sndfile-programs 1.0.25-9.1+deb7u2
Debian 8 sndfile-programs 1.0.25-9.1+deb8u2
Debian 9 sndfile-programs 1.0.27-3+deb9u1
Debian 9 libsndfile1-dbg 1.0.27-3+deb9u1
Debian 9 libsndfile1-dev 1.0.27-3+deb9u1
Debian 7 sndfile-programs 1.0.25-9.1+deb7u2
Debian 8 libsndfile 1.0.25-9.1+deb8u2
Debian 9 libsndfile1-dev 1.0.27-3+deb9u1
Debian 9 libsndfile1 1.0.27-3+deb9u1
Debian 9 sndfile-programs-dbg 1.0.27-3+deb9u1
Debian 9 sndfile-programs 1.0.27-3+deb9u1
Debian 8 libsndfile1-dev 1.0.25-9.1+deb8u2
Debian 7 libsndfile1 1.0.25-9.1+deb7u2
Debian 7 libsndfile 1.0.25-9.1+deb7u2
Debian 8 sndfile-programs-dbg 1.0.25-9.1+deb8u2
Debian 9 sndfile-programs-dbg 1.0.27-3+deb9u1
Debian 9 sndfile-programs 1.0.27-3+deb9u1
Debian 9 libsndfile1 1.0.27-3+deb9u1
Debian 8 libsndfile1-dbg 1.0.25-9.1+deb8u2
Debian 9 sndfile-programs 1.0.27-3+deb9u1
Debian 9 sndfile-programs-dbg 1.0.27-3+deb9u1
Debian 8 libsndfile1-dbg 1.0.25-9.1+deb8u2
Debian 8 sndfile-programs 1.0.25-9.1+deb8u2
Debian 8 libsndfile1 1.0.25-9.1+deb8u2
Debian 7 libsndfile1-dev 1.0.25-9.1+deb7u2
Debian 9 libsndfile1-dbg 1.0.27-3+deb9u1
Debian 7 libsndfile1 1.0.25-9.1+deb7u2
Debian 8 libsndfile1-dev 1.0.25-9.1+deb8u2
Debian 8 sndfile-programs-dbg 1.0.25-9.1+deb8u2
Debian 9 libsndfile1 1.0.27-3+deb9u1
Debian 8 libsndfile1-dbg 1.0.25-9.1+deb8u2
Debian 8 sndfile-programs-dbg 1.0.25-9.1+deb8u2
Debian 9 libsndfile1-dev 1.0.27-3+deb9u1
Debian 8 sndfile-programs-dbg 1.0.25-9.1+deb8u2
Debian 7 sndfile-programs 1.0.25-9.1+deb7u2
Debian 9 libsndfile1 1.0.27-3+deb9u1
Debian 8 libsndfile1 1.0.25-9.1+deb8u2
Debian 8 sndfile-programs 1.0.25-9.1+deb8u2
Debian 9 libsndfile1-dbg 1.0.27-3+deb9u1
Debian 9 libsndfile1 1.0.27-3+deb9u1
Debian 7 sndfile-programs 1.0.25-9.1+deb7u2
Debian 7 libsndfile1-dev 1.0.25-9.1+deb7u2
Debian 9 sndfile-programs-dbg 1.0.27-3+deb9u1
Debian 9 sndfile-programs-dbg 1.0.27-3+deb9u1
Debian 8 libsndfile1-dev 1.0.25-9.1+deb8u2
Debian 8 libsndfile1 1.0.25-9.1+deb8u2
Debian 8 libsndfile1-dbg 1.0.25-9.1+deb8u2
Debian 8 sndfile-programs 1.0.25-9.1+deb8u2
Debian 9 libsndfile 1.0.27-3+deb9u1
Debian 9 libsndfile1-dbg 1.0.27-3+deb9u1

Related