DATABASE RESOURCES PRICING ABOUT US

{"id": "OPENVAS:1361412562310874823", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for soundtouch FEDORA-2018-93a43993aa", "description": "The remote host is missing an update for the ", "published": "2018-07-17T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874823", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DBNLS5JI6AFPGYDJHBRYWMSVRPRNVQCN", "2018-93a43993aa"], "cvelist": ["CVE-2017-9259", "CVE-2017-9258", "CVE-2017-9260"], "lastseen": "2019-05-29T18:32:54", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-9258", "CVE-2017-9259", "CVE-2017-9260"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-9258", "DEBIANCVE:CVE-2017-9259", "DEBIANCVE:CVE-2017-9260"]}, {"type": "exploitdb", "idList": ["EDB-ID:42389"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:0946CE96C1F91A18F5B25CB6A83F9C96"]}, {"type": "fedora", "idList": ["FEDORA:25C656118E19", "FEDORA:365E4604CD79", "FEDORA:5264C6087F11", "FEDORA:61C89609394E", "FEDORA:7727562870D4", "FEDORA:D6FAA6119B9A"]}, {"type": "nessus", "idList": ["EULEROS_SA-2021-1705.NASL", "EULEROS_SA-2021-1849.NASL", "EULEROS_SA-2021-2449.NASL", "FEDORA_2018-4197FFF086.NASL", "FEDORA_2018-93A43993AA.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310874821", "OPENVAS:1361412562310874978", "OPENVAS:1361412562310875002", "OPENVAS:1361412562310875305", "OPENVAS:1361412562310875343"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-9258", "RH:CVE-2017-9259", "RH:CVE-2017-9260"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-9258", "UB:CVE-2017-9259", "UB:CVE-2017-9260"]}, {"type": "zdt", "idList": ["1337DAY-ID-28201"]}], "rev": 4}, "score": {"value": 6.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2017-9258", "CVE-2017-9259", "CVE-2017-9260"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-9258", "DEBIANCVE:CVE-2017-9259", "DEBIANCVE:CVE-2017-9260"]}, {"type": "exploitdb", "idList": ["EDB-ID:42389"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:0946CE96C1F91A18F5B25CB6A83F9C96"]}, {"type": "fedora", "idList": ["FEDORA:25C656118E19", "FEDORA:365E4604CD79", "FEDORA:5264C6087F11", "FEDORA:61C89609394E", "FEDORA:7727562870D4", "FEDORA:D6FAA6119B9A"]}, {"type": "nessus", "idList": ["FEDORA_2018-4197FFF086.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310874821"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-9258", "RH:CVE-2017-9259", "RH:CVE-2017-9260"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-9258", "UB:CVE-2017-9259", "UB:CVE-2017-9260"]}, {"type": "zdt", "idList": ["1337DAY-ID-28201"]}]}, "exploitation": null, "vulnersScore": 6.5}, "pluginID": "1361412562310874823", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_93a43993aa_soundtouch_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for soundtouch FEDORA-2018-93a43993aa\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874823\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-17 06:05:05 +0200 (Tue, 17 Jul 2018)\");\n script_cve_id(\"CVE-2017-9258\", \"CVE-2017-9259\", \"CVE-2017-9260\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for soundtouch FEDORA-2018-93a43993aa\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'soundtouch'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"soundtouch on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-93a43993aa\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DBNLS5JI6AFPGYDJHBRYWMSVRPRNVQCN\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"soundtouch\", rpm:\"soundtouch~2.0.0~3.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645485170}}

{"zdt": [{"lastseen": "2018-03-20T03:19:56", "description": "Exploit for linux platform in category dos / poc", "cvss3": {}, "published": "2017-07-28T00:00:00", "type": "zdt", "title": "SoundTouch 1.9.2 - Multiple Vulnerabilities", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-9259", "CVE-2017-9258", "CVE-2017-9260"], "modified": "2017-07-28T00:00:00", "id": "1337DAY-ID-28201", "href": "https://0day.today/exploit/description/28201", "sourceData": "SoundTouch multiple vulnerabilities\r\n================\r\nAuthor : qflb.wu\r\n===============\r\n \r\n \r\nIntroduction:\r\n=============\r\nSoundTouch is an open-source audio processing library for changing the Tempo, Pitch and Playback Rates of audio streams or audio files. The library additionally supports estimating stable beats-per-minute rates for audio tracks.\r\n \r\n \r\nAffected version:\r\n=====\r\n1.9.2\r\n \r\n \r\nVulnerability Description:\r\n==========================\r\n1.\r\nthe TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 can cause a denial of service(infinite loop and CPU consumption) via a crafted wav file.\r\n \r\n \r\n./soundstretch SoundTouch_1.9.2_infinite_loop.wav out\r\n \r\n \r\nPOC:\r\nSoundTouch_1.9.2_infinite_loop.wav\r\nCVE:\r\nCVE-2017-9258\r\n \r\n \r\n2.\r\nthe TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 can cause a denial of service(memory allocation error and application crash) via a crafted wav file.\r\n \r\n \r\n./soundstretch SoundTouch_1.9.2_memory_allocation_error.wav out\r\n \r\n \r\n==87485==ERROR: AddressSanitizer failed to allocate 0x16103e000 (5922611200) bytes of LargeMmapAllocator: 12\r\n==87485==Process memory map follows:\r\n0x000000400000-0x0000004c7000/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch\r\n0x0000006c7000-0x0000006c8000/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch\r\n0x0000006c8000-0x0000006ca000/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch\r\n0x0000006ca000-0x000001b0e000\r\n0x00007fff7000-0x00008fff7000\r\n0x00008fff7000-0x02008fff7000\r\n0x02008fff7000-0x10007fff8000\r\n0x600000000000-0x603000000000\r\n0x603000000000-0x603000010000\r\n0x603000010000-0x604000000000\r\n0x604000000000-0x604000010000\r\n0x604000010000-0x608000000000\r\n0x608000000000-0x608000010000\r\n0x608000010000-0x60b000000000\r\n0x60b000000000-0x60b000010000\r\n0x60b000010000-0x60e000000000\r\n0x60e000000000-0x60e000010000\r\n0x60e000010000-0x611000000000\r\n0x611000000000-0x611000010000\r\n0x611000010000-0x615000000000\r\n0x615000000000-0x615000020000\r\n0x615000020000-0x616000000000\r\n0x616000000000-0x616000020000\r\n0x616000020000-0x619000000000\r\n0x619000000000-0x619000020000\r\n0x619000020000-0x61e000000000\r\n0x61e000000000-0x61e000020000\r\n0x61e000020000-0x621000000000\r\n0x621000000000-0x621000020000\r\n0x621000020000-0x624000000000\r\n0x624000000000-0x624000020000\r\n0x624000020000-0x640000000000\r\n0x640000000000-0x640000003000\r\n0x7fdf6b253000-0x7fdf6d756000\r\n0x7fdf6d756000-0x7fdf6d914000/lib/x86_64-linux-gnu/libc-2.19.so\r\n0x7fdf6d914000-0x7fdf6db13000/lib/x86_64-linux-gnu/libc-2.19.so\r\n0x7fdf6db13000-0x7fdf6db17000/lib/x86_64-linux-gnu/libc-2.19.so\r\n0x7fdf6db17000-0x7fdf6db19000/lib/x86_64-linux-gnu/libc-2.19.so\r\n0x7fdf6db19000-0x7fdf6db1e000\r\n0x7fdf6db1e000-0x7fdf6db34000/lib/x86_64-linux-gnu/libgcc_s.so.1\r\n0x7fdf6db34000-0x7fdf6dd33000/lib/x86_64-linux-gnu/libgcc_s.so.1\r\n0x7fdf6dd33000-0x7fdf6dd34000/lib/x86_64-linux-gnu/libgcc_s.so.1\r\n0x7fdf6dd34000-0x7fdf6de1a000/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19\r\n0x7fdf6de1a000-0x7fdf6e019000/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19\r\n0x7fdf6e019000-0x7fdf6e021000/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19\r\n0x7fdf6e021000-0x7fdf6e023000/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19\r\n0x7fdf6e023000-0x7fdf6e038000\r\n0x7fdf6e038000-0x7fdf6e03b000/lib/x86_64-linux-gnu/libdl-2.19.so\r\n0x7fdf6e03b000-0x7fdf6e23a000/lib/x86_64-linux-gnu/libdl-2.19.so\r\n0x7fdf6e23a000-0x7fdf6e23b000/lib/x86_64-linux-gnu/libdl-2.19.so\r\n0x7fdf6e23b000-0x7fdf6e23c000/lib/x86_64-linux-gnu/libdl-2.19.so\r\n0x7fdf6e23c000-0x7fdf6e243000/lib/x86_64-linux-gnu/librt-2.19.so\r\n0x7fdf6e243000-0x7fdf6e442000/lib/x86_64-linux-gnu/librt-2.19.so\r\n0x7fdf6e442000-0x7fdf6e443000/lib/x86_64-linux-gnu/librt-2.19.so\r\n0x7fdf6e443000-0x7fdf6e444000/lib/x86_64-linux-gnu/librt-2.19.so\r\n0x7fdf6e444000-0x7fdf6e45d000/lib/x86_64-linux-gnu/libpthread-2.19.so\r\n0x7fdf6e45d000-0x7fdf6e65c000/lib/x86_64-linux-gnu/libpthread-2.19.so\r\n0x7fdf6e65c000-0x7fdf6e65d000/lib/x86_64-linux-gnu/libpthread-2.19.so\r\n0x7fdf6e65d000-0x7fdf6e65e000/lib/x86_64-linux-gnu/libpthread-2.19.so\r\n0x7fdf6e65e000-0x7fdf6e662000\r\n0x7fdf6e662000-0x7fdf6e767000/lib/x86_64-linux-gnu/libm-2.19.so\r\n0x7fdf6e767000-0x7fdf6e966000/lib/x86_64-linux-gnu/libm-2.19.so\r\n0x7fdf6e966000-0x7fdf6e967000/lib/x86_64-linux-gnu/libm-2.19.so\r\n0x7fdf6e967000-0x7fdf6e968000/lib/x86_64-linux-gnu/libm-2.19.so\r\n0x7fdf6e968000-0x7fdf6e9bd000/usr/local/lib/libSoundTouch.so.1.0.0\r\n0x7fdf6e9bd000-0x7fdf6ebbd000/usr/local/lib/libSoundTouch.so.1.0.0\r\n0x7fdf6ebbd000-0x7fdf6ebbe000/usr/local/lib/libSoundTouch.so.1.0.0\r\n0x7fdf6ebbe000-0x7fdf6ebc1000/usr/local/lib/libSoundTouch.so.1.0.0\r\n0x7fdf6ebc1000-0x7fdf6ebe4000/lib/x86_64-linux-gnu/ld-2.19.so\r\n0x7fdf6edb1000-0x7fdf6edc8000\r\n0x7fdf6edca000-0x7fdf6edd7000\r\n0x7fdf6edda000-0x7fdf6ede3000\r\n0x7fdf6ede3000-0x7fdf6ede4000/lib/x86_64-linux-gnu/ld-2.19.so\r\n0x7fdf6ede4000-0x7fdf6ede5000/lib/x86_64-linux-gnu/ld-2.19.so\r\n0x7fdf6ede5000-0x7fdf6ede6000\r\n0x7ffcb0503000-0x7ffcb0524000[stack]\r\n0x7ffcb05a4000-0x7ffcb05a6000[vvar]\r\n0x7ffcb05a6000-0x7ffcb05a8000[vdso]\r\n0xffffffffff600000-0xffffffffff601000[vsyscall]\r\n==87485==End of process memory map.\r\n==87485==AddressSanitizer CHECK failed: /build/buildd/llvm-toolchain-3.4-3.4/projects/compiler-rt/lib/sanitizer_common/sanitizer_posix.cc:68 \"((\"unable to mmap\" && 0)) != (0)\" (0x0, 0x0)\r\n #0 0x46da6f in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x46da6f)\r\n #1 0x4732d1 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x4732d1)\r\n #2 0x477b9e in __sanitizer::MmapOrDie(unsigned long, char const*) (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x477b9e)\r\n #3 0x433278 in __sanitizer::LargeMmapAllocator<__asan::AsanMapUnmapCallback>::Allocate(__sanitizer::AllocatorStats*, unsigned long, unsigned long) (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x433278)\r\n #4 0x42f2bb in __asan::Allocate(unsigned long, unsigned long, __sanitizer::StackTrace*, __asan::AllocType, bool) (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x42f2bb)\r\n #5 0x46824d in operator new[](unsigned long) (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x46824d)\r\n #6 0x7fdf6e993d8e in soundtouch::TDStretch::acceptNewOverlapLength(int) /home/a/Downloads/soundtouch/source/SoundTouch/TDStretch.cpp:724\r\n #7 0x7fdf6e993d8e in soundtouch::TDStretch::calculateOverlapLength(int) /home/a/Downloads/soundtouch/source/SoundTouch/TDStretch.cpp:1008\r\n #8 0x7fdf6e9901f0 in soundtouch::TDStretch::setParameters(int, int, int, int) /home/a/Downloads/soundtouch/source/SoundTouch/TDStretch.cpp:158\r\n #9 0x7fdf6e998910 in soundtouch::TDStretch::setChannels(int) /home/a/Downloads/soundtouch/source/SoundTouch/TDStretch.cpp:599\r\n #10 0x47f825 in setup(soundtouch::SoundTouch*, WavInFile const*, RunParameters const*) /home/a/Downloads/soundtouch/source/SoundStretch/main.cpp:127\r\n #11 0x47f825 in main /home/a/Downloads/soundtouch/source/SoundStretch/main.cpp:310\r\n #12 0x7fdf6d777f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)\r\n #13 0x47dbac in _start (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x47dbac)\r\n \r\n \r\n POC:\r\n SoundTouch_1.9.2_infinite_loop.wav\r\n CVE:\r\n CVE-2017-9259\r\n \r\n \r\n 3.\r\n the TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 can cause a denial of service(heap-buffer-overflow and application crash) via a crafted wav file.\r\n \r\n \r\n./soundstretch SoundTouch_1.9.2_heap_buffer_overflow.wav out\r\n \r\n \r\n==87598==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x625000007110 at pc 0x7f5076e3c3dc bp 0x7ffda7a42e10 sp 0x7ffda7a42e08\r\nREAD of size 16 at 0x625000007110 thread T0\r\n #0 0x7f5076e3c3db in soundtouch::TDStretchSSE::calcCrossCorr(float const*, float const*, double&) /home/a/Downloads/soundtouch/source/SoundTouch/sse_optimized.cpp:120:35\r\n #1 0x7f5076e1f0f9 in soundtouch::TDStretch::seekBestOverlapPositionFull(float const*) /home/a/Downloads/soundtouch/source/SoundTouch/TDStretch.cpp:305\r\n #2 0x7f5076e1ee2c in soundtouch::TDStretch::seekBestOverlapPosition(float const*) /home/a/Downloads/soundtouch/source/SoundTouch/TDStretch.cpp:258\r\n #3 0x7f5076e21e88 in soundtouch::TDStretch::processSamples() /home/a/Downloads/soundtouch/source/SoundTouch/TDStretch.cpp:659\r\n #4 0x7f5076e12893 in soundtouch::FIFOSamplePipe::moveSamples(soundtouch::FIFOSamplePipe&) /home/a/Downloads/soundtouch/source/SoundTouch/../../include/FIFOSamplePipe.h:88\r\n #5 0x7f5076e12893 in soundtouch::SoundTouch::putSamples(float const*, unsigned int) /home/a/Downloads/soundtouch/source/SoundTouch/SoundTouch.cpp:334\r\n #6 0x480f5e in process(soundtouch::SoundTouch*, WavInFile*, WavOutFile*) /home/a/Downloads/soundtouch/source/SoundStretch/main.cpp:200\r\n #7 0x480f5e in main /home/a/Downloads/soundtouch/source/SoundStretch/main.cpp:314\r\n #8 0x7f5075c00f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)\r\n #9 0x47dbac in _start (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x47dbac)\r\n \r\n \r\n0x625000007110 is located 0 bytes to the right of 8208-byte region [0x625000005100,0x625000007110)\r\nallocated by thread T0 here:\r\n #0 0x468209 in operator new[](unsigned long) (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x468209)\r\n #1 0x7f5076e055db in soundtouch::FIFOSampleBuffer::ensureCapacity(unsigned int) /home/a/Downloads/soundtouch/source/SoundTouch/FIFOSampleBuffer.cpp:174\r\n \r\n \r\nSUMMARY: AddressSanitizer: heap-buffer-overflow /home/a/Downloads/soundtouch/source/SoundTouch/sse_optimized.cpp:120 soundtouch::TDStretchSSE::calcCrossCorr(float const*, float const*, double&)\r\nShadow bytes around the buggy address:\r\n 0x0c4a7fff8dd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0c4a7fff8de0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0c4a7fff8df0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0c4a7fff8e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0c4a7fff8e10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n=>0x0c4a7fff8e20: 00 00[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c4a7fff8e30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c4a7fff8e40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c4a7fff8e50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c4a7fff8e60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c4a7fff8e70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\nShadow byte legend (one shadow byte represents 8 application bytes):\r\n Addressable: 00\r\n Partially addressable: 01 02 03 04 05 06 07 \r\n Heap left redzone: fa\r\n Heap right redzone: fb\r\n Freed heap region: fd\r\n Stack left redzone: f1\r\n Stack mid redzone: f2\r\n Stack right redzone: f3\r\n Stack partial redzone: f4\r\n Stack after return: f5\r\n Stack use after scope: f8\r\n Global redzone: f9\r\n Global init order: f6\r\n Poisoned by user: f7\r\n ASan internal: fe\r\n==87598==ABORTING\r\n \r\n \r\nPOC:\r\nSoundTouch_1.9.2_heap_buffer_overflow.wav\r\nCVE:\r\nCVE-2017-9260\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42389.zip\n\n# 0day.today [2018-03-20] #", "sourceHref": "https://0day.today/exploit/28201", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-08-19T12:31:43", "description": "- Security fix for CVE-2017-9258, CVE-2017-9259, CVE-2017-9260\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2018-07-24T00:00:00", "type": "nessus", "title": "Fedora 27 : soundtouch (2018-4197fff086)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9258", "CVE-2017-9259", "CVE-2017-9260"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:soundtouch", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-4197FFF086.NASL", "href": "https://www.tenable.com/plugins/nessus/111239", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-4197fff086.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111239);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-9258\", \"CVE-2017-9259\", \"CVE-2017-9260\");\n script_xref(name:\"FEDORA\", value:\"2018-4197fff086\");\n\n script_name(english:\"Fedora 27 : soundtouch (2018-4197fff086)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Security fix for CVE-2017-9258, CVE-2017-9259,\n CVE-2017-9260\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-4197fff086\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected soundtouch package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:soundtouch\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"soundtouch-2.0.0-3.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"soundtouch\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:29:28", "description": "- Security fix for CVE-2017-9258, CVE-2017-9259, CVE-2017-9260\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : soundtouch (2018-93a43993aa)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9258", "CVE-2017-9259", "CVE-2017-9260"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:soundtouch", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-93A43993AA.NASL", "href": "https://www.tenable.com/plugins/nessus/120626", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-93a43993aa.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120626);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-9258\", \"CVE-2017-9259\", \"CVE-2017-9260\");\n script_xref(name:\"FEDORA\", value:\"2018-93a43993aa\");\n\n script_name(english:\"Fedora 28 : soundtouch (2018-93a43993aa)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Security fix for CVE-2017-9258, CVE-2017-9259,\n CVE-2017-9260\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-93a43993aa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected soundtouch package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:soundtouch\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"soundtouch-2.0.0-3.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"soundtouch\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:02:16", "description": "According to the versions of the soundtouch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result in arbitrary code execution. This attack appear to be exploitable via victim must open maliocius file in soundstretch utility.(CVE-2018-1000223)\n\n - The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.(CVE-2018-17096)\n\n - The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.(CVE-2018-14044)\n\n - The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file.(CVE-2017-9259)\n\n - The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file.(CVE-2017-9258)\n\n - The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file.(CVE-2017-9260)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-04-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : soundtouch (EulerOS-SA-2021-1849)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9258", "CVE-2017-9259", "CVE-2017-9260", "CVE-2018-1000223", "CVE-2018-14044", "CVE-2018-17096"], "modified": "2021-05-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:soundtouch", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1849.NASL", "href": "https://www.tenable.com/plugins/nessus/149126", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149126);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/04\");\n\n script_cve_id(\n \"CVE-2017-9258\",\n \"CVE-2017-9259\",\n \"CVE-2017-9260\",\n \"CVE-2018-1000223\",\n \"CVE-2018-14044\",\n \"CVE-2018-17096\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : soundtouch (EulerOS-SA-2021-1849)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the soundtouch package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - soundtouch version up to and including 2.0.0 contains a\n Buffer Overflow vulnerability in\n SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock()\n that can result in arbitrary code execution. This\n attack appear to be exploitable via victim must open\n maliocius file in soundstretch\n utility.(CVE-2018-1000223)\n\n - The BPMDetect class in BPMDetect.cpp in libSoundTouch.a\n in Olli Parviainen SoundTouch 2.0 allows remote\n attackers to cause a denial of service (assertion\n failure and application exit), as demonstrated by\n SoundStretch.(CVE-2018-17096)\n\n - The RateTransposer::setChannels function in\n RateTransposer.cpp in libSoundTouch.a in Olli\n Parviainen SoundTouch 2.0 allows remote attackers to\n cause a denial of service (assertion failure and\n application exit), as demonstrated by\n SoundStretch.(CVE-2018-14044)\n\n - The TDStretch::acceptNewOverlapLength function in\n source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2\n allows remote attackers to cause a denial of service\n (memory allocation error and application crash) via a\n crafted wav file.(CVE-2017-9259)\n\n - The TDStretch::processSamples function in\n source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2\n allows remote attackers to cause a denial of service\n (infinite loop and CPU consumption) via a crafted wav\n file.(CVE-2017-9258)\n\n - The TDStretchSSE::calcCrossCorr function in\n source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2\n allows remote attackers to cause a denial of service\n (heap-based buffer over-read and application crash) via\n a crafted wav file.(CVE-2017-9260)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1849\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?afb452fe\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected soundtouch packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1000223\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:soundtouch\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"soundtouch-1.4.0-9.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"soundtouch\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:03:30", "description": "According to the versions of the soundtouch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result in arbitrary code execution. This attack appear to be exploitable via victim must open maliocius file in soundstretch utility.(CVE-2018-1000223)\n\n - The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.(CVE-2018-14044)\n\n - The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.(CVE-2018-17096)\n\n - The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file.(CVE-2017-9258)\n\n - The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file.(CVE-2017-9259)\n\n - The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file.(CVE-2017-9260)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-03-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : soundtouch (EulerOS-SA-2021-1705)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9258", "CVE-2017-9259", "CVE-2017-9260", "CVE-2018-1000223", "CVE-2018-14044", "CVE-2018-17096"], "modified": "2021-03-26T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:soundtouch", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1705.NASL", "href": "https://www.tenable.com/plugins/nessus/148048", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148048);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/26\");\n\n script_cve_id(\n \"CVE-2017-9258\",\n \"CVE-2017-9259\",\n \"CVE-2017-9260\",\n \"CVE-2018-1000223\",\n \"CVE-2018-14044\",\n \"CVE-2018-17096\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : soundtouch (EulerOS-SA-2021-1705)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the soundtouch package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - soundtouch version up to and including 2.0.0 contains a\n Buffer Overflow vulnerability in\n SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock()\n that can result in arbitrary code execution. This\n attack appear to be exploitable via victim must open\n maliocius file in soundstretch\n utility.(CVE-2018-1000223)\n\n - The RateTransposer::setChannels function in\n RateTransposer.cpp in libSoundTouch.a in Olli\n Parviainen SoundTouch 2.0 allows remote attackers to\n cause a denial of service (assertion failure and\n application exit), as demonstrated by\n SoundStretch.(CVE-2018-14044)\n\n - The BPMDetect class in BPMDetect.cpp in libSoundTouch.a\n in Olli Parviainen SoundTouch 2.0 allows remote\n attackers to cause a denial of service (assertion\n failure and application exit), as demonstrated by\n SoundStretch.(CVE-2018-17096)\n\n - The TDStretch::processSamples function in\n source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2\n allows remote attackers to cause a denial of service\n (infinite loop and CPU consumption) via a crafted wav\n file.(CVE-2017-9258)\n\n - The TDStretch::acceptNewOverlapLength function in\n source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2\n allows remote attackers to cause a denial of service\n (memory allocation error and application crash) via a\n crafted wav file.(CVE-2017-9259)\n\n - The TDStretchSSE::calcCrossCorr function in\n source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2\n allows remote attackers to cause a denial of service\n (heap-based buffer over-read and application crash) via\n a crafted wav file.(CVE-2017-9260)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1705\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ec229d9f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected soundtouch packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1000223\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:soundtouch\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"soundtouch-1.4.0-9.h1.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"soundtouch\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-18T00:10:45", "description": "According to the versions of the soundtouch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.(CVE-2018-17096)\n\n - The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file.(CVE-2017-9260)\n\n - The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file.(CVE-2017-9258)\n\n - The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file.(CVE-2017-9259)\n\n - The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.(CVE-2018-14044)\n\n - soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result in arbitrary code execution. This attack appear to be exploitable via victim must open maliocius file in soundstretch utility.(CVE-2018-1000223)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : soundtouch (EulerOS-SA-2021-2449)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9258", "CVE-2017-9259", "CVE-2017-9260", "CVE-2018-1000223", "CVE-2018-14044", "CVE-2018-17096"], "modified": "2021-09-16T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:soundtouch", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2449.NASL", "href": "https://www.tenable.com/plugins/nessus/153259", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153259);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/16\");\n\n script_cve_id(\n \"CVE-2017-9258\",\n \"CVE-2017-9259\",\n \"CVE-2017-9260\",\n \"CVE-2018-1000223\",\n \"CVE-2018-14044\",\n \"CVE-2018-17096\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : soundtouch (EulerOS-SA-2021-2449)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the soundtouch package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The BPMDetect class in BPMDetect.cpp in libSoundTouch.a\n in Olli Parviainen SoundTouch 2.0 allows remote\n attackers to cause a denial of service (assertion\n failure and application exit), as demonstrated by\n SoundStretch.(CVE-2018-17096)\n\n - The TDStretchSSE::calcCrossCorr function in\n source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2\n allows remote attackers to cause a denial of service\n (heap-based buffer over-read and application crash) via\n a crafted wav file.(CVE-2017-9260)\n\n - The TDStretch::processSamples function in\n source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2\n allows remote attackers to cause a denial of service\n (infinite loop and CPU consumption) via a crafted wav\n file.(CVE-2017-9258)\n\n - The TDStretch::acceptNewOverlapLength function in\n source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2\n allows remote attackers to cause a denial of service\n (memory allocation error and application crash) via a\n crafted wav file.(CVE-2017-9259)\n\n - The RateTransposer::setChannels function in\n RateTransposer.cpp in libSoundTouch.a in Olli\n Parviainen SoundTouch 2.0 allows remote attackers to\n cause a denial of service (assertion failure and\n application exit), as demonstrated by\n SoundStretch.(CVE-2018-14044)\n\n - soundtouch version up to and including 2.0.0 contains a\n Buffer Overflow vulnerability in\n SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock()\n that can result in arbitrary code execution. This\n attack appear to be exploitable via victim must open\n maliocius file in soundstretch\n utility.(CVE-2018-1000223)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2449\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ed56a8a5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected soundtouch packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1000223\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:soundtouch\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"soundtouch-1.4.0-9.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"soundtouch\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:32:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-07-17T00:00:00", "type": "openvas", "title": "Fedora Update for soundtouch FEDORA-2018-4197fff086", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9259", "CVE-2017-9258", "CVE-2017-9260"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874821", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874821", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_4197fff086_soundtouch_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for soundtouch FEDORA-2018-4197fff086\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874821\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-17 06:04:47 +0200 (Tue, 17 Jul 2018)\");\n script_cve_id(\"CVE-2017-9258\", \"CVE-2017-9259\", \"CVE-2017-9260\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for soundtouch FEDORA-2018-4197fff086\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'soundtouch'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"soundtouch on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-4197fff086\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7D3E5WINOWCOWXM7ZAONSCMK2XBNS3XP\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"soundtouch\", rpm:\"soundtouch~2.0.0~3.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-26T00:00:00", "type": "openvas", "title": "Fedora Update for soundtouch FEDORA-2018-fadf6f5a9f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14044", "CVE-2017-9259", "CVE-2017-9258", "CVE-2017-9260", "CVE-2018-1000223", "CVE-2018-14045"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875002", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875002", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_fadf6f5a9f_soundtouch_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for soundtouch FEDORA-2018-fadf6f5a9f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875002\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-26 07:17:48 +0200 (Sun, 26 Aug 2018)\");\n script_cve_id(\"CVE-2018-14044\", \"CVE-2018-14045\", \"CVE-2018-1000223\", \"CVE-2017-9258\", \"CVE-2017-9259\", \"CVE-2017-9260\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for soundtouch FEDORA-2018-fadf6f5a9f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'soundtouch'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"soundtouch on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-fadf6f5a9f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN4C7XQH3KDIJB4UXRTQPH2FEC7D72XL\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"soundtouch\", rpm:\"soundtouch~2.0.0~6.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-21T00:00:00", "type": "openvas", "title": "Fedora Update for soundtouch FEDORA-2018-f4f75985b8", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14044", "CVE-2017-9259", "CVE-2017-9258", "CVE-2017-9260", "CVE-2018-1000223", "CVE-2018-14045"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874978", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874978", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_f4f75985b8_soundtouch_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for soundtouch FEDORA-2018-f4f75985b8\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874978\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-21 06:57:14 +0200 (Tue, 21 Aug 2018)\");\n script_cve_id(\"CVE-2018-14044\", \"CVE-2018-14045\", \"CVE-2018-1000223\", \"CVE-2017-9258\",\n \"CVE-2017-9259\", \"CVE-2017-9260\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for soundtouch FEDORA-2018-f4f75985b8\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'soundtouch'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"soundtouch on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-f4f75985b8\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PA4WRBGUOIUFQNNFWZ5NRQ6K7S63JU6G\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"soundtouch\", rpm:\"soundtouch~2.0.0~6.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-04T00:00:00", "type": "openvas", "title": "Fedora Update for soundtouch FEDORA-2018-f159412ac7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14044", "CVE-2018-17097", "CVE-2018-17096", "CVE-2018-17098", "CVE-2017-9259", "CVE-2017-9258", "CVE-2017-9260", "CVE-2018-1000223", "CVE-2018-14045"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875305", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875305", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_f159412ac7_soundtouch_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for soundtouch FEDORA-2018-f159412ac7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875305\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-17098\", \"CVE-2018-17096\", \"CVE-2018-17097\", \"CVE-2018-14044\", \"CVE-2018-14045\", \"CVE-2018-1000223\", \"CVE-2017-9258\", \"CVE-2017-9259\", \"CVE-2017-9260\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-04 08:23:18 +0100 (Tue, 04 Dec 2018)\");\n script_name(\"Fedora Update for soundtouch FEDORA-2018-f159412ac7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2018-f159412ac7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWF5NLC42HWRTWWAVNSY454M6E24VVC\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'soundtouch'\n package(s) announced via the FEDORA-2018-f159412ac7 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"soundtouch on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"soundtouch\", rpm:\"soundtouch~2.1.1~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-04T00:00:00", "type": "openvas", "title": "Fedora Update for soundtouch FEDORA-2018-dbe9da512d", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14044", "CVE-2018-17097", "CVE-2018-17096", "CVE-2018-17098", "CVE-2017-9259", "CVE-2017-9258", "CVE-2017-9260", "CVE-2018-1000223", "CVE-2018-14045"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875343", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875343", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_dbe9da512d_soundtouch_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for soundtouch FEDORA-2018-dbe9da512d\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875343\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-17098\", \"CVE-2018-17096\", \"CVE-2018-17097\", \"CVE-2018-14044\", \"CVE-2018-14045\", \"CVE-2018-1000223\", \"CVE-2017-9258\", \"CVE-2017-9259\", \"CVE-2017-9260\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-04 08:38:34 +0100 (Tue, 04 Dec 2018)\");\n script_name(\"Fedora Update for soundtouch FEDORA-2018-dbe9da512d\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n script_xref(name:\"FEDORA\", value:\"2018-dbe9da512d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BLVHYN336V62EESIQBTWQWCTHSAWBV72\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'soundtouch'\n package(s) announced via the FEDORA-2018-dbe9da512d advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"soundtouch on Fedora 27.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"soundtouch\", rpm:\"soundtouch~2.1.1~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:49", "description": "\nSoundTouch 1.9.2 - Multiple Vulnerabilities", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-28T00:00:00", "title": "SoundTouch 1.9.2 - Multiple Vulnerabilities", "type": "exploitpack", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9259", "CVE-2017-9258", "CVE-2017-9260"], "modified": "2017-07-28T00:00:00", "id": "EXPLOITPACK:0946CE96C1F91A18F5B25CB6A83F9C96", "href": "", "sourceData": "SoundTouch multiple vulnerabilities\n================\nAuthor : qflb.wu\n===============\n\n\nIntroduction:\n=============\nSoundTouch is an open-source audio processing library for changing the Tempo, Pitch and Playback Rates of audio streams or audio files. The library additionally supports estimating stable beats-per-minute rates for audio tracks.\n\n\nAffected version:\n=====\n1.9.2\n\n\nVulnerability Description:\n==========================\n1.\nthe TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 can cause a denial of service(infinite loop and CPU consumption) via a crafted wav file.\n\n\n./soundstretch SoundTouch_1.9.2_infinite_loop.wav out\n\n\nPOC:\nSoundTouch_1.9.2_infinite_loop.wav\nCVE:\nCVE-2017-9258\n\n\n2.\nthe TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 can cause a denial of service(memory allocation error and application crash) via a crafted wav file.\n\n\n./soundstretch SoundTouch_1.9.2_memory_allocation_error.wav out\n\n\n==87485==ERROR: AddressSanitizer failed to allocate 0x16103e000 (5922611200) bytes of LargeMmapAllocator: 12\n==87485==Process memory map follows:\n0x000000400000-0x0000004c7000/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch\n0x0000006c7000-0x0000006c8000/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch\n0x0000006c8000-0x0000006ca000/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch\n0x0000006ca000-0x000001b0e000\n0x00007fff7000-0x00008fff7000\n0x00008fff7000-0x02008fff7000\n0x02008fff7000-0x10007fff8000\n0x600000000000-0x603000000000\n0x603000000000-0x603000010000\n0x603000010000-0x604000000000\n0x604000000000-0x604000010000\n0x604000010000-0x608000000000\n0x608000000000-0x608000010000\n0x608000010000-0x60b000000000\n0x60b000000000-0x60b000010000\n0x60b000010000-0x60e000000000\n0x60e000000000-0x60e000010000\n0x60e000010000-0x611000000000\n0x611000000000-0x611000010000\n0x611000010000-0x615000000000\n0x615000000000-0x615000020000\n0x615000020000-0x616000000000\n0x616000000000-0x616000020000\n0x616000020000-0x619000000000\n0x619000000000-0x619000020000\n0x619000020000-0x61e000000000\n0x61e000000000-0x61e000020000\n0x61e000020000-0x621000000000\n0x621000000000-0x621000020000\n0x621000020000-0x624000000000\n0x624000000000-0x624000020000\n0x624000020000-0x640000000000\n0x640000000000-0x640000003000\n0x7fdf6b253000-0x7fdf6d756000\n0x7fdf6d756000-0x7fdf6d914000/lib/x86_64-linux-gnu/libc-2.19.so\n0x7fdf6d914000-0x7fdf6db13000/lib/x86_64-linux-gnu/libc-2.19.so\n0x7fdf6db13000-0x7fdf6db17000/lib/x86_64-linux-gnu/libc-2.19.so\n0x7fdf6db17000-0x7fdf6db19000/lib/x86_64-linux-gnu/libc-2.19.so\n0x7fdf6db19000-0x7fdf6db1e000\n0x7fdf6db1e000-0x7fdf6db34000/lib/x86_64-linux-gnu/libgcc_s.so.1\n0x7fdf6db34000-0x7fdf6dd33000/lib/x86_64-linux-gnu/libgcc_s.so.1\n0x7fdf6dd33000-0x7fdf6dd34000/lib/x86_64-linux-gnu/libgcc_s.so.1\n0x7fdf6dd34000-0x7fdf6de1a000/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19\n0x7fdf6de1a000-0x7fdf6e019000/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19\n0x7fdf6e019000-0x7fdf6e021000/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19\n0x7fdf6e021000-0x7fdf6e023000/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19\n0x7fdf6e023000-0x7fdf6e038000\n0x7fdf6e038000-0x7fdf6e03b000/lib/x86_64-linux-gnu/libdl-2.19.so\n0x7fdf6e03b000-0x7fdf6e23a000/lib/x86_64-linux-gnu/libdl-2.19.so\n0x7fdf6e23a000-0x7fdf6e23b000/lib/x86_64-linux-gnu/libdl-2.19.so\n0x7fdf6e23b000-0x7fdf6e23c000/lib/x86_64-linux-gnu/libdl-2.19.so\n0x7fdf6e23c000-0x7fdf6e243000/lib/x86_64-linux-gnu/librt-2.19.so\n0x7fdf6e243000-0x7fdf6e442000/lib/x86_64-linux-gnu/librt-2.19.so\n0x7fdf6e442000-0x7fdf6e443000/lib/x86_64-linux-gnu/librt-2.19.so\n0x7fdf6e443000-0x7fdf6e444000/lib/x86_64-linux-gnu/librt-2.19.so\n0x7fdf6e444000-0x7fdf6e45d000/lib/x86_64-linux-gnu/libpthread-2.19.so\n0x7fdf6e45d000-0x7fdf6e65c000/lib/x86_64-linux-gnu/libpthread-2.19.so\n0x7fdf6e65c000-0x7fdf6e65d000/lib/x86_64-linux-gnu/libpthread-2.19.so\n0x7fdf6e65d000-0x7fdf6e65e000/lib/x86_64-linux-gnu/libpthread-2.19.so\n0x7fdf6e65e000-0x7fdf6e662000\n0x7fdf6e662000-0x7fdf6e767000/lib/x86_64-linux-gnu/libm-2.19.so\n0x7fdf6e767000-0x7fdf6e966000/lib/x86_64-linux-gnu/libm-2.19.so\n0x7fdf6e966000-0x7fdf6e967000/lib/x86_64-linux-gnu/libm-2.19.so\n0x7fdf6e967000-0x7fdf6e968000/lib/x86_64-linux-gnu/libm-2.19.so\n0x7fdf6e968000-0x7fdf6e9bd000/usr/local/lib/libSoundTouch.so.1.0.0\n0x7fdf6e9bd000-0x7fdf6ebbd000/usr/local/lib/libSoundTouch.so.1.0.0\n0x7fdf6ebbd000-0x7fdf6ebbe000/usr/local/lib/libSoundTouch.so.1.0.0\n0x7fdf6ebbe000-0x7fdf6ebc1000/usr/local/lib/libSoundTouch.so.1.0.0\n0x7fdf6ebc1000-0x7fdf6ebe4000/lib/x86_64-linux-gnu/ld-2.19.so\n0x7fdf6edb1000-0x7fdf6edc8000\n0x7fdf6edca000-0x7fdf6edd7000\n0x7fdf6edda000-0x7fdf6ede3000\n0x7fdf6ede3000-0x7fdf6ede4000/lib/x86_64-linux-gnu/ld-2.19.so\n0x7fdf6ede4000-0x7fdf6ede5000/lib/x86_64-linux-gnu/ld-2.19.so\n0x7fdf6ede5000-0x7fdf6ede6000\n0x7ffcb0503000-0x7ffcb0524000[stack]\n0x7ffcb05a4000-0x7ffcb05a6000[vvar]\n0x7ffcb05a6000-0x7ffcb05a8000[vdso]\n0xffffffffff600000-0xffffffffff601000[vsyscall]\n==87485==End of process memory map.\n==87485==AddressSanitizer CHECK failed: /build/buildd/llvm-toolchain-3.4-3.4/projects/compiler-rt/lib/sanitizer_common/sanitizer_posix.cc:68 \"((\"unable to mmap\" && 0)) != (0)\" (0x0, 0x0)\n #0 0x46da6f in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x46da6f)\n #1 0x4732d1 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x4732d1)\n #2 0x477b9e in __sanitizer::MmapOrDie(unsigned long, char const*) (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x477b9e)\n #3 0x433278 in __sanitizer::LargeMmapAllocator<__asan::AsanMapUnmapCallback>::Allocate(__sanitizer::AllocatorStats*, unsigned long, unsigned long) (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x433278)\n #4 0x42f2bb in __asan::Allocate(unsigned long, unsigned long, __sanitizer::StackTrace*, __asan::AllocType, bool) (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x42f2bb)\n #5 0x46824d in operator new[](unsigned long) (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x46824d)\n #6 0x7fdf6e993d8e in soundtouch::TDStretch::acceptNewOverlapLength(int) /home/a/Downloads/soundtouch/source/SoundTouch/TDStretch.cpp:724\n #7 0x7fdf6e993d8e in soundtouch::TDStretch::calculateOverlapLength(int) /home/a/Downloads/soundtouch/source/SoundTouch/TDStretch.cpp:1008\n #8 0x7fdf6e9901f0 in soundtouch::TDStretch::setParameters(int, int, int, int) /home/a/Downloads/soundtouch/source/SoundTouch/TDStretch.cpp:158\n #9 0x7fdf6e998910 in soundtouch::TDStretch::setChannels(int) /home/a/Downloads/soundtouch/source/SoundTouch/TDStretch.cpp:599\n #10 0x47f825 in setup(soundtouch::SoundTouch*, WavInFile const*, RunParameters const*) /home/a/Downloads/soundtouch/source/SoundStretch/main.cpp:127\n #11 0x47f825 in main /home/a/Downloads/soundtouch/source/SoundStretch/main.cpp:310\n #12 0x7fdf6d777f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)\n #13 0x47dbac in _start (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x47dbac)\n\n\n POC:\n SoundTouch_1.9.2_infinite_loop.wav\n CVE:\n CVE-2017-9259\n\n\n 3.\n the TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 can cause a denial of service(heap-buffer-overflow and application crash) via a crafted wav file.\n\n\n./soundstretch SoundTouch_1.9.2_heap_buffer_overflow.wav out\n\n\n==87598==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x625000007110 at pc 0x7f5076e3c3dc bp 0x7ffda7a42e10 sp 0x7ffda7a42e08\nREAD of size 16 at 0x625000007110 thread T0\n #0 0x7f5076e3c3db in soundtouch::TDStretchSSE::calcCrossCorr(float const*, float const*, double&) /home/a/Downloads/soundtouch/source/SoundTouch/sse_optimized.cpp:120:35\n #1 0x7f5076e1f0f9 in soundtouch::TDStretch::seekBestOverlapPositionFull(float const*) /home/a/Downloads/soundtouch/source/SoundTouch/TDStretch.cpp:305\n #2 0x7f5076e1ee2c in soundtouch::TDStretch::seekBestOverlapPosition(float const*) /home/a/Downloads/soundtouch/source/SoundTouch/TDStretch.cpp:258\n #3 0x7f5076e21e88 in soundtouch::TDStretch::processSamples() /home/a/Downloads/soundtouch/source/SoundTouch/TDStretch.cpp:659\n #4 0x7f5076e12893 in soundtouch::FIFOSamplePipe::moveSamples(soundtouch::FIFOSamplePipe&) /home/a/Downloads/soundtouch/source/SoundTouch/../../include/FIFOSamplePipe.h:88\n #5 0x7f5076e12893 in soundtouch::SoundTouch::putSamples(float const*, unsigned int) /home/a/Downloads/soundtouch/source/SoundTouch/SoundTouch.cpp:334\n #6 0x480f5e in process(soundtouch::SoundTouch*, WavInFile*, WavOutFile*) /home/a/Downloads/soundtouch/source/SoundStretch/main.cpp:200\n #7 0x480f5e in main /home/a/Downloads/soundtouch/source/SoundStretch/main.cpp:314\n #8 0x7f5075c00f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)\n #9 0x47dbac in _start (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x47dbac)\n\n\n0x625000007110 is located 0 bytes to the right of 8208-byte region [0x625000005100,0x625000007110)\nallocated by thread T0 here:\n #0 0x468209 in operator new[](unsigned long) (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x468209)\n #1 0x7f5076e055db in soundtouch::FIFOSampleBuffer::ensureCapacity(unsigned int) /home/a/Downloads/soundtouch/source/SoundTouch/FIFOSampleBuffer.cpp:174\n\n\nSUMMARY: AddressSanitizer: heap-buffer-overflow /home/a/Downloads/soundtouch/source/SoundTouch/sse_optimized.cpp:120 soundtouch::TDStretchSSE::calcCrossCorr(float const*, float const*, double&)\nShadow bytes around the buggy address:\n 0x0c4a7fff8dd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x0c4a7fff8de0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x0c4a7fff8df0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x0c4a7fff8e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x0c4a7fff8e10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n=>0x0c4a7fff8e20: 00 00[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c4a7fff8e30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c4a7fff8e40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c4a7fff8e50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c4a7fff8e60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c4a7fff8e70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\nShadow byte legend (one shadow byte represents 8 application bytes):\n Addressable: 00\n Partially addressable: 01 02 03 04 05 06 07 \n Heap left redzone: fa\n Heap right redzone: fb\n Freed heap region: fd\n Stack left redzone: f1\n Stack mid redzone: f2\n Stack right redzone: f3\n Stack partial redzone: f4\n Stack after return: f5\n Stack use after scope: f8\n Global redzone: f9\n Global init order: f6\n Poisoned by user: f7\n ASan internal: fe\n==87598==ABORTING\n\n\nPOC:\nSoundTouch_1.9.2_heap_buffer_overflow.wav\nCVE:\nCVE-2017-9260\n\n\nProof of Concept:\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/42389.zip", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "SoundTouch is a LGPL-licensed open-source audio processing library for changing the Tempo, Pitch and Playback Rates of audio streams or files. The SoundTouch library is suited for application developers writing sound processing tools that require tempo/pitch control functionality, or just for playing around with the sound effects. The SoundTouch library source kit includes an example utility SoundStretch which allows processing .wav audio files from a command-line interface. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-07-16T18:27:14", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: soundtouch-2.0.0-3.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9258", "CVE-2017-9259", "CVE-2017-9260"], "modified": "2018-07-16T18:27:14", "id": "FEDORA:D6FAA6119B9A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DBNLS5JI6AFPGYDJHBRYWMSVRPRNVQCN/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "SoundTouch is a LGPL-licensed open-source audio processing library for changing the Tempo, Pitch and Playback Rates of audio streams or files. The SoundTouch library is suited for application developers writing sound processing tools that require tempo/pitch control functionality, or just for playing around with the sound effects. The SoundTouch library source kit includes an example utility SoundStretch which allows processing .wav audio files from a command-line interface. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-07-16T17:37:55", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: soundtouch-2.0.0-3.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9258", "CVE-2017-9259", "CVE-2017-9260"], "modified": "2018-07-16T17:37:55", "id": "FEDORA:7727562870D4", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7D3E5WINOWCOWXM7ZAONSCMK2XBNS3XP/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T18:41:37", "description": "SoundTouch is a LGPL-licensed open-source audio processing library for changing the Tempo, Pitch and Playback Rates of audio streams or files. The SoundTouch library is suited for application developers writing sound processing tools that require tempo/pitch control functionality, or just for playing around with the sound effects. The SoundTouch library source kit includes an example utility SoundStretch which allows processing .wav audio files from a command-line interface. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-20T18:43:21", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: soundtouch-2.0.0-6.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9258", "CVE-2017-9259", "CVE-2017-9260", "CVE-2018-1000223", "CVE-2018-14044", "CVE-2018-14045"], "modified": "2018-08-20T18:43:21", "id": "FEDORA:25C656118E19", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PA4WRBGUOIUFQNNFWZ5NRQ6K7S63JU6G/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T18:41:37", "description": "SoundTouch is a LGPL-licensed open-source audio processing library for changing the Tempo, Pitch and Playback Rates of audio streams or files. The SoundTouch library is suited for application developers writing sound processing tools that require tempo/pitch control functionality, or just for playing around with the sound effects. The SoundTouch library source kit includes an example utility SoundStretch which allows processing .wav audio files from a command-line interface. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-23T09:46:23", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: soundtouch-2.0.0-6.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9258", "CVE-2017-9259", "CVE-2017-9260", "CVE-2018-1000223", "CVE-2018-14044", "CVE-2018-14045"], "modified": "2018-08-23T09:46:23", "id": "FEDORA:61C89609394E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MN4C7XQH3KDIJB4UXRTQPH2FEC7D72XL/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T18:41:37", "description": "SoundTouch is a LGPL-licensed open-source audio processing library for changing the Tempo, Pitch and Playback Rates of audio streams or files. The SoundTouch library is suited for application developers writing sound processing tools that require tempo/pitch control functionality, or just for playing around with the sound effects. The SoundTouch library source kit includes an example utility SoundStretch which allows processing .wav audio files from a command-line interface. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-21T03:14:16", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: soundtouch-2.1.1-1.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9258", "CVE-2017-9259", "CVE-2017-9260", "CVE-2018-1000223", "CVE-2018-14044", "CVE-2018-14045", "CVE-2018-17096", "CVE-2018-17097", "CVE-2018-17098"], "modified": "2018-11-21T03:14:16", "id": "FEDORA:5264C6087F11", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BRWF5NLC42HWRTWWAVNSY454M6E24VVC/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T18:41:37", "description": "SoundTouch is a LGPL-licensed open-source audio processing library for changing the Tempo, Pitch and Playback Rates of audio streams or files. The SoundTouch library is suited for application developers writing sound processing tools that require tempo/pitch control functionality, or just for playing around with the sound effects. The SoundTouch library source kit includes an example utility SoundStretch which allows processing .wav audio files from a command-line interface. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-25T02:03:45", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: soundtouch-2.1.1-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9258", "CVE-2017-9259", "CVE-2017-9260", "CVE-2018-1000223", "CVE-2018-14044", "CVE-2018-14045", "CVE-2018-17096", "CVE-2018-17097", "CVE-2018-17098"], "modified": "2018-11-25T02:03:45", "id": "FEDORA:365E4604CD79", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BLVHYN336V62EESIQBTWQWCTHSAWBV72/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Updated soundtouch package fixes security vulnerabilities: The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file (CVE-2017-9258). The TDStretch::acceptNewOverlapLength function in source/SoundTouch/ TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file (CVE-2017-9259). The TDStretchSSE::calcCrossCorr function in source/SoundTouch/ sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file (CVE-2017-9260). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-08-10T14:37:39", "type": "mageia", "title": "Updated soundtouch packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9258", "CVE-2017-9259", "CVE-2017-9260"], "modified": "2018-08-10T14:37:39", "id": "MGASA-2018-0331", "href": "https://advisories.mageia.org/MGASA-2018-0331.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Updated dolphin-emu package fixes security vulnerabilities Dolphin Emulator includes a modified copy of the SoundTouch library at version 1.9.2. That version is subject to the following security issues: \\- The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file (CVE-2017-9258) \\- The TDStretch::acceptNewOverlapLength function in source/SoundTouch/ TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file (CVE-2017-9259). \\- The TDStretchSSE::calcCrossCorr function in source/SoundTouch/ sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file (CVE-2017-9260). \\- Reachable assertion in RateTransposer::setChannels() causing denial of service (CVE-2018-14044). \\- Reachable assertion in FIRFilter.cpp causing denial of service (CVE-2018-14045). \\- Assertion failure in BPMDetect class in BPMDetect.cpp (CVE-2018-17096). \\- Out-of-bounds heap write in WavOutFile::write() (CVE-2018-17097). \\- Heap corruption in WavFileBase class in WavFile.cpp (CVE-2018-17098). \\- Heap-based buffer overflow in SoundStretch/WavFile.cpp:WavInFile ::readHeaderBlock() potentially leading to code execution (CVE-2018-1000223). The bundled copy of SoundTouch was updated to version 2.1.2, thereby solving theses issues in Dolphin Emulator. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-05-05T12:20:37", "type": "mageia", "title": "Updated dolphin-emu packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9258", "CVE-2017-9259", "CVE-2017-9260", "CVE-2018-1000223", "CVE-2018-14044", "CVE-2018-14045", "CVE-2018-17096", "CVE-2018-17097", "CVE-2018-17098"], "modified": "2020-05-05T12:20:37", "id": "MGASA-2020-0193", "href": "https://advisories.mageia.org/MGASA-2020-0193.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "exploitdb": [{"lastseen": "2022-06-20T22:12:48", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-28T00:00:00", "type": "exploitdb", "title": "SoundTouch 1.9.2 - Multiple Vulnerabilities", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["2017-9258", "2017-9259", "2017-9260", "CVE-2017-9258", "CVE-2017-9259", "CVE-2017-9260"], "modified": "2017-07-28T00:00:00", "id": "EDB-ID:42389", "href": "https://www.exploit-db.com/exploits/42389", "sourceData": "SoundTouch multiple vulnerabilities\r\n================\r\nAuthor : qflb.wu\r\n===============\r\n\r\n\r\nIntroduction:\r\n=============\r\nSoundTouch is an open-source audio processing library for changing the Tempo, Pitch and Playback Rates of audio streams or audio files. The library additionally supports estimating stable beats-per-minute rates for audio tracks.\r\n\r\n\r\nAffected version:\r\n=====\r\n1.9.2\r\n\r\n\r\nVulnerability Description:\r\n==========================\r\n1.\r\nthe TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 can cause a denial of service(infinite loop and CPU consumption) via a crafted wav file.\r\n\r\n\r\n./soundstretch SoundTouch_1.9.2_infinite_loop.wav out\r\n\r\n\r\nPOC:\r\nSoundTouch_1.9.2_infinite_loop.wav\r\nCVE:\r\nCVE-2017-9258\r\n\r\n\r\n2.\r\nthe TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 can cause a denial of service(memory allocation error and application crash) via a crafted wav file.\r\n\r\n\r\n./soundstretch SoundTouch_1.9.2_memory_allocation_error.wav out\r\n\r\n\r\n==87485==ERROR: AddressSanitizer failed to allocate 0x16103e000 (5922611200) bytes of LargeMmapAllocator: 12\r\n==87485==Process memory map follows:\r\n0x000000400000-0x0000004c7000/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch\r\n0x0000006c7000-0x0000006c8000/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch\r\n0x0000006c8000-0x0000006ca000/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch\r\n0x0000006ca000-0x000001b0e000\r\n0x00007fff7000-0x00008fff7000\r\n0x00008fff7000-0x02008fff7000\r\n0x02008fff7000-0x10007fff8000\r\n0x600000000000-0x603000000000\r\n0x603000000000-0x603000010000\r\n0x603000010000-0x604000000000\r\n0x604000000000-0x604000010000\r\n0x604000010000-0x608000000000\r\n0x608000000000-0x608000010000\r\n0x608000010000-0x60b000000000\r\n0x60b000000000-0x60b000010000\r\n0x60b000010000-0x60e000000000\r\n0x60e000000000-0x60e000010000\r\n0x60e000010000-0x611000000000\r\n0x611000000000-0x611000010000\r\n0x611000010000-0x615000000000\r\n0x615000000000-0x615000020000\r\n0x615000020000-0x616000000000\r\n0x616000000000-0x616000020000\r\n0x616000020000-0x619000000000\r\n0x619000000000-0x619000020000\r\n0x619000020000-0x61e000000000\r\n0x61e000000000-0x61e000020000\r\n0x61e000020000-0x621000000000\r\n0x621000000000-0x621000020000\r\n0x621000020000-0x624000000000\r\n0x624000000000-0x624000020000\r\n0x624000020000-0x640000000000\r\n0x640000000000-0x640000003000\r\n0x7fdf6b253000-0x7fdf6d756000\r\n0x7fdf6d756000-0x7fdf6d914000/lib/x86_64-linux-gnu/libc-2.19.so\r\n0x7fdf6d914000-0x7fdf6db13000/lib/x86_64-linux-gnu/libc-2.19.so\r\n0x7fdf6db13000-0x7fdf6db17000/lib/x86_64-linux-gnu/libc-2.19.so\r\n0x7fdf6db17000-0x7fdf6db19000/lib/x86_64-linux-gnu/libc-2.19.so\r\n0x7fdf6db19000-0x7fdf6db1e000\r\n0x7fdf6db1e000-0x7fdf6db34000/lib/x86_64-linux-gnu/libgcc_s.so.1\r\n0x7fdf6db34000-0x7fdf6dd33000/lib/x86_64-linux-gnu/libgcc_s.so.1\r\n0x7fdf6dd33000-0x7fdf6dd34000/lib/x86_64-linux-gnu/libgcc_s.so.1\r\n0x7fdf6dd34000-0x7fdf6de1a000/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19\r\n0x7fdf6de1a000-0x7fdf6e019000/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19\r\n0x7fdf6e019000-0x7fdf6e021000/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19\r\n0x7fdf6e021000-0x7fdf6e023000/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19\r\n0x7fdf6e023000-0x7fdf6e038000\r\n0x7fdf6e038000-0x7fdf6e03b000/lib/x86_64-linux-gnu/libdl-2.19.so\r\n0x7fdf6e03b000-0x7fdf6e23a000/lib/x86_64-linux-gnu/libdl-2.19.so\r\n0x7fdf6e23a000-0x7fdf6e23b000/lib/x86_64-linux-gnu/libdl-2.19.so\r\n0x7fdf6e23b000-0x7fdf6e23c000/lib/x86_64-linux-gnu/libdl-2.19.so\r\n0x7fdf6e23c000-0x7fdf6e243000/lib/x86_64-linux-gnu/librt-2.19.so\r\n0x7fdf6e243000-0x7fdf6e442000/lib/x86_64-linux-gnu/librt-2.19.so\r\n0x7fdf6e442000-0x7fdf6e443000/lib/x86_64-linux-gnu/librt-2.19.so\r\n0x7fdf6e443000-0x7fdf6e444000/lib/x86_64-linux-gnu/librt-2.19.so\r\n0x7fdf6e444000-0x7fdf6e45d000/lib/x86_64-linux-gnu/libpthread-2.19.so\r\n0x7fdf6e45d000-0x7fdf6e65c000/lib/x86_64-linux-gnu/libpthread-2.19.so\r\n0x7fdf6e65c000-0x7fdf6e65d000/lib/x86_64-linux-gnu/libpthread-2.19.so\r\n0x7fdf6e65d000-0x7fdf6e65e000/lib/x86_64-linux-gnu/libpthread-2.19.so\r\n0x7fdf6e65e000-0x7fdf6e662000\r\n0x7fdf6e662000-0x7fdf6e767000/lib/x86_64-linux-gnu/libm-2.19.so\r\n0x7fdf6e767000-0x7fdf6e966000/lib/x86_64-linux-gnu/libm-2.19.so\r\n0x7fdf6e966000-0x7fdf6e967000/lib/x86_64-linux-gnu/libm-2.19.so\r\n0x7fdf6e967000-0x7fdf6e968000/lib/x86_64-linux-gnu/libm-2.19.so\r\n0x7fdf6e968000-0x7fdf6e9bd000/usr/local/lib/libSoundTouch.so.1.0.0\r\n0x7fdf6e9bd000-0x7fdf6ebbd000/usr/local/lib/libSoundTouch.so.1.0.0\r\n0x7fdf6ebbd000-0x7fdf6ebbe000/usr/local/lib/libSoundTouch.so.1.0.0\r\n0x7fdf6ebbe000-0x7fdf6ebc1000/usr/local/lib/libSoundTouch.so.1.0.0\r\n0x7fdf6ebc1000-0x7fdf6ebe4000/lib/x86_64-linux-gnu/ld-2.19.so\r\n0x7fdf6edb1000-0x7fdf6edc8000\r\n0x7fdf6edca000-0x7fdf6edd7000\r\n0x7fdf6edda000-0x7fdf6ede3000\r\n0x7fdf6ede3000-0x7fdf6ede4000/lib/x86_64-linux-gnu/ld-2.19.so\r\n0x7fdf6ede4000-0x7fdf6ede5000/lib/x86_64-linux-gnu/ld-2.19.so\r\n0x7fdf6ede5000-0x7fdf6ede6000\r\n0x7ffcb0503000-0x7ffcb0524000[stack]\r\n0x7ffcb05a4000-0x7ffcb05a6000[vvar]\r\n0x7ffcb05a6000-0x7ffcb05a8000[vdso]\r\n0xffffffffff600000-0xffffffffff601000[vsyscall]\r\n==87485==End of process memory map.\r\n==87485==AddressSanitizer CHECK failed: /build/buildd/llvm-toolchain-3.4-3.4/projects/compiler-rt/lib/sanitizer_common/sanitizer_posix.cc:68 \"((\"unable to mmap\" && 0)) != (0)\" (0x0, 0x0)\r\n #0 0x46da6f in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x46da6f)\r\n #1 0x4732d1 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x4732d1)\r\n #2 0x477b9e in __sanitizer::MmapOrDie(unsigned long, char const*) (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x477b9e)\r\n #3 0x433278 in __sanitizer::LargeMmapAllocator<__asan::AsanMapUnmapCallback>::Allocate(__sanitizer::AllocatorStats*, unsigned long, unsigned long) (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x433278)\r\n #4 0x42f2bb in __asan::Allocate(unsigned long, unsigned long, __sanitizer::StackTrace*, __asan::AllocType, bool) (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x42f2bb)\r\n #5 0x46824d in operator new[](unsigned long) (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x46824d)\r\n #6 0x7fdf6e993d8e in soundtouch::TDStretch::acceptNewOverlapLength(int) /home/a/Downloads/soundtouch/source/SoundTouch/TDStretch.cpp:724\r\n #7 0x7fdf6e993d8e in soundtouch::TDStretch::calculateOverlapLength(int) /home/a/Downloads/soundtouch/source/SoundTouch/TDStretch.cpp:1008\r\n #8 0x7fdf6e9901f0 in soundtouch::TDStretch::setParameters(int, int, int, int) /home/a/Downloads/soundtouch/source/SoundTouch/TDStretch.cpp:158\r\n #9 0x7fdf6e998910 in soundtouch::TDStretch::setChannels(int) /home/a/Downloads/soundtouch/source/SoundTouch/TDStretch.cpp:599\r\n #10 0x47f825 in setup(soundtouch::SoundTouch*, WavInFile const*, RunParameters const*) /home/a/Downloads/soundtouch/source/SoundStretch/main.cpp:127\r\n #11 0x47f825 in main /home/a/Downloads/soundtouch/source/SoundStretch/main.cpp:310\r\n #12 0x7fdf6d777f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)\r\n #13 0x47dbac in _start (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x47dbac)\r\n\r\n\r\n POC:\r\n SoundTouch_1.9.2_infinite_loop.wav\r\n CVE:\r\n CVE-2017-9259\r\n\r\n\r\n 3.\r\n the TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 can cause a denial of service(heap-buffer-overflow and application crash) via a crafted wav file.\r\n\r\n\r\n./soundstretch SoundTouch_1.9.2_heap_buffer_overflow.wav out\r\n\r\n\r\n==87598==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x625000007110 at pc 0x7f5076e3c3dc bp 0x7ffda7a42e10 sp 0x7ffda7a42e08\r\nREAD of size 16 at 0x625000007110 thread T0\r\n #0 0x7f5076e3c3db in soundtouch::TDStretchSSE::calcCrossCorr(float const*, float const*, double&) /home/a/Downloads/soundtouch/source/SoundTouch/sse_optimized.cpp:120:35\r\n #1 0x7f5076e1f0f9 in soundtouch::TDStretch::seekBestOverlapPositionFull(float const*) /home/a/Downloads/soundtouch/source/SoundTouch/TDStretch.cpp:305\r\n #2 0x7f5076e1ee2c in soundtouch::TDStretch::seekBestOverlapPosition(float const*) /home/a/Downloads/soundtouch/source/SoundTouch/TDStretch.cpp:258\r\n #3 0x7f5076e21e88 in soundtouch::TDStretch::processSamples() /home/a/Downloads/soundtouch/source/SoundTouch/TDStretch.cpp:659\r\n #4 0x7f5076e12893 in soundtouch::FIFOSamplePipe::moveSamples(soundtouch::FIFOSamplePipe&) /home/a/Downloads/soundtouch/source/SoundTouch/../../include/FIFOSamplePipe.h:88\r\n #5 0x7f5076e12893 in soundtouch::SoundTouch::putSamples(float const*, unsigned int) /home/a/Downloads/soundtouch/source/SoundTouch/SoundTouch.cpp:334\r\n #6 0x480f5e in process(soundtouch::SoundTouch*, WavInFile*, WavOutFile*) /home/a/Downloads/soundtouch/source/SoundStretch/main.cpp:200\r\n #7 0x480f5e in main /home/a/Downloads/soundtouch/source/SoundStretch/main.cpp:314\r\n #8 0x7f5075c00f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)\r\n #9 0x47dbac in _start (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x47dbac)\r\n\r\n\r\n0x625000007110 is located 0 bytes to the right of 8208-byte region [0x625000005100,0x625000007110)\r\nallocated by thread T0 here:\r\n #0 0x468209 in operator new[](unsigned long) (/home/a/Downloads/soundtouch/source/SoundStretch/.libs/soundstretch+0x468209)\r\n #1 0x7f5076e055db in soundtouch::FIFOSampleBuffer::ensureCapacity(unsigned int) /home/a/Downloads/soundtouch/source/SoundTouch/FIFOSampleBuffer.cpp:174\r\n\r\n\r\nSUMMARY: AddressSanitizer: heap-buffer-overflow /home/a/Downloads/soundtouch/source/SoundTouch/sse_optimized.cpp:120 soundtouch::TDStretchSSE::calcCrossCorr(float const*, float const*, double&)\r\nShadow bytes around the buggy address:\r\n 0x0c4a7fff8dd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0c4a7fff8de0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0c4a7fff8df0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0c4a7fff8e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0c4a7fff8e10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n=>0x0c4a7fff8e20: 00 00[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c4a7fff8e30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c4a7fff8e40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c4a7fff8e50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c4a7fff8e60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c4a7fff8e70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\nShadow byte legend (one shadow byte represents 8 application bytes):\r\n Addressable: 00\r\n Partially addressable: 01 02 03 04 05 06 07 \r\n Heap left redzone: fa\r\n Heap right redzone: fb\r\n Freed heap region: fd\r\n Stack left redzone: f1\r\n Stack mid redzone: f2\r\n Stack right redzone: f3\r\n Stack partial redzone: f4\r\n Stack after return: f5\r\n Stack use after scope: f8\r\n Global redzone: f9\r\n Global init order: f6\r\n Poisoned by user: f7\r\n ASan internal: fe\r\n==87598==ABORTING\r\n\r\n\r\nPOC:\r\nSoundTouch_1.9.2_heap_buffer_overflow.wav\r\nCVE:\r\nCVE-2017-9260\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/42389.zip", "sourceHref": "https://www.exploit-db.com/download/42389", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "debiancve": [{"lastseen": "2021-12-14T17:52:51", "description": "The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-27T06:29:00", "type": "debiancve", "title": "CVE-2017-9259", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9259"], "modified": "2017-07-27T06:29:00", "id": "DEBIANCVE:CVE-2017-9259", "href": "https://security-tracker.debian.org/tracker/CVE-2017-9259", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-14T17:52:51", "description": "The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-27T06:29:00", "type": "debiancve", "title": "CVE-2017-9260", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9260"], "modified": "2017-07-27T06:29:00", "id": "DEBIANCVE:CVE-2017-9260", "href": "https://security-tracker.debian.org/tracker/CVE-2017-9260", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-14T17:52:51", "description": "The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-27T06:29:00", "type": "debiancve", "title": "CVE-2017-9258", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9258"], "modified": "2017-07-27T06:29:00", "id": "DEBIANCVE:CVE-2017-9258", "href": "https://security-tracker.debian.org/tracker/CVE-2017-9258", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:41:03", "description": "The TDStretch::acceptNewOverlapLength function in\nsource/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers\nto cause a denial of service (memory allocation error and application\ncrash) via a crafted wav file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-27T00:00:00", "type": "ubuntucve", "title": "CVE-2017-9259", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9259"], "modified": "2017-07-27T00:00:00", "id": "UB:CVE-2017-9259", "href": "https://ubuntu.com/security/CVE-2017-9259", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-22T21:41:03", "description": "The TDStretchSSE::calcCrossCorr function in\nsource/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote\nattackers to cause a denial of service (heap-based buffer over-read and\napplication crash) via a crafted wav file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-27T00:00:00", "type": "ubuntucve", "title": "CVE-2017-9260", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9260"], "modified": "2017-07-27T00:00:00", "id": "UB:CVE-2017-9260", "href": "https://ubuntu.com/security/CVE-2017-9260", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-22T21:41:03", "description": "The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp\nin SoundTouch 1.9.2 allows remote attackers to cause a denial of service\n(infinite loop and CPU consumption) via a crafted wav file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-27T00:00:00", "type": "ubuntucve", "title": "CVE-2017-9258", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9258"], "modified": "2017-07-27T00:00:00", "id": "UB:CVE-2017-9258", "href": "https://ubuntu.com/security/CVE-2017-9258", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "redhatcve": [{"lastseen": "2021-09-02T22:48:40", "description": "The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-27T09:49:09", "type": "redhatcve", "title": "CVE-2017-9259", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9259"], "modified": "2019-10-12T01:04:03", "id": "RH:CVE-2017-9259", "href": "https://access.redhat.com/security/cve/cve-2017-9259", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:48:39", "description": "The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-27T09:48:41", "type": "redhatcve", "title": "CVE-2017-9260", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9260"], "modified": "2019-10-12T01:04:03", "id": "RH:CVE-2017-9260", "href": "https://access.redhat.com/security/cve/cve-2017-9260", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:48:40", "description": "The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-27T09:49:21", "type": "redhatcve", "title": "CVE-2017-9258", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9258"], "modified": "2019-10-12T01:04:00", "id": "RH:CVE-2017-9258", "href": "https://access.redhat.com/security/cve/cve-2017-9258", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2022-03-23T18:56:01", "description": "The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-27T06:29:00", "type": "cve", "title": "CVE-2017-9259", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9259"], "modified": "2017-08-12T01:29:00", "cpe": ["cpe:/a:surina:soundtouch:1.9.2"], "id": "CVE-2017-9259", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9259", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:surina:soundtouch:1.9.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T18:56:02", "description": "The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-27T06:29:00", "type": "cve", "title": "CVE-2017-9260", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9260"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:surina:soundtouch:1.9.2"], "id": "CVE-2017-9260", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9260", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:surina:soundtouch:1.9.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T18:56:00", "description": "The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-27T06:29:00", "type": "cve", "title": "CVE-2017-9258", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9258"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:surina:soundtouch:1.9.2"], "id": "CVE-2017-9258", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9258", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:surina:soundtouch:1.9.2:*:*:*:*:*:*:*"]}]}