Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-867-1:BC0D2
HistoryMar 23, 2017 - 9:05 p.m.

[SECURITY] [DLA 867-1] audiofile security update

2017-03-2321:05:45
lists.debian.org
11

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.6%

JSON

Package : audiofile
Version : 0.3.4-2+deb7u1
CVE ID : CVE-2017-6829 CVE-2017-6830 CVE-2017-6831 CVE-2017-6832
CVE-2017-6833 CVE-2017-6834 CVE-2017-6835 CVE-2017-6836
CVE-2017-6837 CVE-2017-6838 CVE-2017-6839
Debian Bug : 857651

Multiple vulnerabilities has been found in audiofile.

CVE-2017-6829

Allows remote attackers to cause a denial of service (crash) via a
crafted file.

CVE-2017-6830, CVE-2017-6834, CVE-2017-6831, CVE-2017-6832, CVE-2017-6838,
CVE-2017-6839, CVE-2017-6836

Heap-based buffer overflow in that allows remote attackers to cause
a denial of service (crash) via a crafted file.

CVE-2017-6833, CVE-2017-6835

The runPull function allows remote attackers to cause a denial of
service (divide-by-zero error and crash) via a crafted file.

CVE-2017-6837

Allows remote attackers to cause a denial of service (crash) via
vectors related to a large number of coefficients.

For Debian 7 "Wheezy", these problems have been fixed in version
0.3.4-2+deb7u1.

We recommend that you upgrade your audiofile packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-------------- Ola Lundqvist --------------------
/ [email protected] GPG fingerprint
| [email protected] 22F2 32C6 B1E0 F4BF 2B26 |

http://inguza.com/ 0A6A 5E90 DCFA 9426 876F /
OSVersionArchitecturePackageVersionFilename
Debian7allaudiofile< 0.3.4-2+deb7u1audiofile_0.3.4-2+deb7u1_all.deb

Related

nessus 10
osv 13
archlinux 1
openvas 8
mageia 1
cloudfoundry 1
debian 2
ubuntu 1
oraclelinux 1
ubuntucve 12
cvelist 11
redhatcve 12
prion 11
debiancve 11
cve 11
cbl_mariner 11
veracode 2
nessus
nessus
Debian DLA-867-1 : audiofile security update
2017-03-24 00:00:00
Debian DSA-3814-1 : audiofile - security update
2017-03-23 00:00:00
openSUSE Security Update : audiofile (openSUSE-2017-476)
2017-04-18 00:00:00
osv
osv
audiofile - security update
2017-03-22 00:00:00
audiofile - security update
2017-03-23 00:00:00
CVE-2017-6830
2017-03-20 16:59:02
archlinux
archlinux
[ASA-201708-9] audiofile: multiple issues
2017-08-14 00:00:00
openvas
openvas
Debian Security Advisory DSA 3814-1 (audiofile - security update)
2017-03-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1182-1)
2021-06-09 00:00:00
Mageia: Security Advisory (MGASA-2017-0129)
2022-01-28 00:00:00
mageia
mageia
Updated audiofile packages fix security vulnerabilities
2017-05-06 15:17:05
cloudfoundry
cloudfoundry
USN-3241-1: audiofile vulnerabilities | Cloud Foundry
2017-04-04 00:00:00
debian
debian
[SECURITY] [DSA 3814-1] audiofile security update
2017-03-22 20:13:31
[SECURITY] [DSA 3814-1] audiofile security update
2017-03-22 20:13:14
ubuntu
ubuntu
audiofile vulnerabilities
2017-03-22 00:00:00
oraclelinux
oraclelinux
audiofile security update
2020-10-06 00:00:00
ubuntucve
ubuntucve
CVE-2017-6837
2017-03-14 00:00:00
CVE-2017-6827
2017-03-15 00:00:00
CVE-2017-6836
2017-03-14 00:00:00
cvelist
cvelist
CVE-2017-6839
2017-03-20 16:00:00
CVE-2017-6829
2017-03-20 16:00:00
CVE-2017-6830
2017-03-20 16:00:00
redhatcve
redhatcve
CVE-2017-6839
2017-03-16 13:18:15
CVE-2017-6830
2017-03-16 12:49:23
CVE-2017-6829
2017-03-16 12:49:32
prion
prion
Integer overflow
2017-03-20 16:59:00
Heap overflow
2017-03-20 16:59:00
Heap overflow
2017-03-20 16:59:00
debiancve
debiancve
CVE-2017-6839
2017-03-20 16:59:00
CVE-2017-6830
2017-03-20 16:59:00
CVE-2017-6833
2017-03-20 16:59:00
cve
cve
CVE-2017-6839
2017-03-20 16:59:00
CVE-2017-6830
2017-03-20 16:59:00
CVE-2017-6832
2017-03-20 16:59:00
cbl_mariner
cbl_mariner
CVE-2017-6839 affecting package audiofile 0.3.6-27
2024-05-29 09:07:39
CVE-2017-6830 affecting package audiofile 0.3.6-27
2024-05-29 09:07:39
CVE-2017-6833 affecting package audiofile 0.3.6-27
2024-05-29 09:07:39
veracode
veracode
Denial Of Service (DoS)
2018-07-24 08:48:15
Denial Of Service (DoS)
2018-07-24 05:47:26

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.6%

JSON
Related for DEBIAN:DLA-867-1:BC0D2
nessus10osv13archlinux1openvas8mageia1cloudfoundry1debian2ubuntu1oraclelinux1ubuntucve12cvelist11redhatcve12prion11debiancve11cve11cbl_mariner11veracode2