
libsndfile - security update

Description

Multiple vulnerabilities have been found in libsndfile, the library for reading and writing files containing sampled sound.

* [CVE-2017-8361](https://security-tracker.debian.org/tracker/CVE-2017-8361) The flac\_buffer\_copy function (flac.c) is affected by a buffer overflow. This vulnerability might be leveraged by remote attackers to cause a denial of service, or possibly have unspecified other impact via a crafted audio file.
* [CVE-2017-8362](https://security-tracker.debian.org/tracker/CVE-2017-8362) The flac\_buffer\_copy function (flac.c) is affected by an out-of-bounds read vulnerability. This flaw might be leveraged by remote attackers to cause a denial of service via a crafted audio file.
* [CVE-2017-8363](https://security-tracker.debian.org/tracker/CVE-2017-8363) The flac\_buffer\_copy function (flac.c) is affected by a heap based OOB read vulnerability. This flaw might be leveraged by remote attackers to cause a denial of service via a crafted audio file.
* [CVE-2017-8365](https://security-tracker.debian.org/tracker/CVE-2017-8365) The i2les\_array function (pcm.c) is affected by a global buffer overflow. This vulnerability might be leveraged by remote attackers to cause a denial of service, or possibly have unspecified other impact via a crafted audio file.
* [CVE-2017-14245](https://security-tracker.debian.org/tracker/CVE-2017-14245) / [CVE-2017-14246](https://security-tracker.debian.org/tracker/CVE-2017-14246) / [CVE-2017-17456](https://security-tracker.debian.org/tracker/CVE-2017-17456) / [CVE-2017-17457](https://security-tracker.debian.org/tracker/CVE-2017-17457) The d2alaw\_array() and d2ulaw\_array() functions (src/ulaw.c and src/alaw.c) are affected by an out-of-bounds read vulnerability. This flaw might be leveraged by remote attackers to cause denial of service or information disclosure via a crafted audio file.
* [CVE-2017-14634](https://security-tracker.debian.org/tracker/CVE-2017-14634) The double64\_init() function (double64.c) is affected by a divide-by-zero error. This vulnerability might be leveraged by remote attackers to cause denial of service via a crafted audio file.
* [CVE-2018-13139](https://security-tracker.debian.org/tracker/CVE-2018-13139) The psf\_memset function (common.c) is affected by a stack-based buffer overflow. This vulnerability might be leveraged by remote attackers to cause a denial of service, or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.
* [CVE-2018-19432](https://security-tracker.debian.org/tracker/CVE-2018-19432) The sf\_write\_int function (src/sndfile.c) is affected by an out-of-bounds read vulnerability. This flaw might be leveraged by remote attackers to cause a denial of service via a crafted audio file.
* [CVE-2018-19661](https://security-tracker.debian.org/tracker/CVE-2018-19661) / [CVE-2018-19662](https://security-tracker.debian.org/tracker/CVE-2018-19662) The i2alaw\_array() and i2ulaw\_array() functions (src/ulaw.c and src/alaw.c) are affected by an out-of-bounds read vulnerability. This flaw might be leveraged by remote attackers to cause denial of service or information disclosure via a crafted audio file.

For Debian 8 Jessie, these problems have been fixed in version 1.0.25-9.1+deb8u2.

We recommend that you upgrade your libsndfile packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: <https://wiki.debian.org/LTS>


Affected Software


| CPE Name | Name | Version |
| --- | --- | --- |
| | libsndfile | 1.0.25-9.1 |
| | libsndfile | 1.0.25-9.1+deb8u1 |
