AZL-7179 CVE-2017-6836 affecting package audiofile 0.3.6-27

Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library aka audiofile 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service crash via a crafted file...

Denial of service

The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library aka audiofile 0.3.6 allows remote attackers to cause a denial of service divide-by-zero error and crash via a crafted file...

Heap overflow

Heap-based buffer overflow in the ulaw2linearbuf function in G711.cpp in Audio File Library aka audiofile 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service crash via a crafted file...

Code injection

WAVE.cpp in Audio File Library aka audiofile 0.3.6 allows remote attackers to cause a denial of service crash via vectors related to a large number of coefficients...

Integer overflow

Integer overflow in modules/MSADPCM.cpp in Audio File Library aka audiofile 0.3.6 allows remote attackers to cause a denial of service crash via a crafted file...

Design/Logic Flaw

The decodeSample function in IMA.cpp in Audio File Library aka audiofile 0.3.6 allows remote attackers to cause a denial of service crash via a crafted file...

Heap overflow

Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library aka audiofile 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service crash via a crafted file...

Heap overflow

Heap-based buffer overflow in the alaw2linearbuf function in G711.cpp in Audio File Library aka audiofile 0.3.6 allows remote attackers to cause a denial of service crash via a crafted file...

Integer overflow

Integer overflow in sfcommands/sfconvert.c in Audio File Library aka audiofile 0.3.6 allows remote attackers to cause a denial of service crash via a crafted file...

Heap overflow

Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library aka audiofile 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service crash via a crafted file...

CVE-2017-6829

CVE-2017-6829 affects the Audio File Library (audiofile) 0.3.6. The vulnerability is a flaw in the decodeSample function in IMA.cpp that allows a crafted audio file to cause a denial of service (crash). Public advisories across multiple distributions confirm the issue and relate it to the same fa...

CVE-2017-6833

The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library aka audiofile 0.3.6 allows remote attackers to cause a denial of service divide-by-zero error and crash via a crafted file...

CVE-2017-6835

The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library aka audiofile 0.3.6 allows remote attackers to cause a denial of service divide-by-zero error and crash via a crafted file...

CVE-2017-6833

CVE-2017-6833 affects the Audio File Library (audiofile) 0.3.6; the runPull function in BlockCodec.cpp may trigger a divide-by-zero, crashing affected apps via a crafted file (DoS). Public advisories/patches indicate fixes in newer releases (e.g., audiofile 0.3.6-4 and equivalent upstream updates...

CVE-2017-6838

Audio File Library (audiofile) 0.3.6 is affected by CVE-2017-6838 due to an integer overflow in sfcommands/sfconvert.c, which can lead to denial of service via crafted files. The issue is acknowledged across multiple advisories (e.g., Arch Linux ASA-201708-9, Debian DSA-3814-1, Mageia/MGASA-2017-...

CVE-2017-6837

WAVE.cpp in Audio File Library aka audiofile 0.3.6 allows remote attackers to cause a denial of service crash via vectors related to a large number of coefficients...

CVE-2017-6834

CVE-2017-6834 is a heap-based buffer overflow in ulaw2linear_buf of Audio File Library (audiofile) 0.3.6 and earlier, allowing a crafted file to crash targeted applications (DoS). Public advisories indicate multiple vendors/distros patched this family (e.g., 0.3.6-4 and newer). Affected pages als...

CVE-2017-6836

Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library aka audiofile 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service crash via a crafted file...

CVE-2017-6831

The CVE-2017-6831 issue affects the Audio File Library (audiofile) 0.3.6 and older, involving a heap-based buffer overflow in IMA.cpp::decodeBlockWAVE that can crash the application via a crafted file (DoS). Advisories (e.g., Arch Linux ASA-201708-9, Debian DSA-3814-1) indicate the fix is upstrea...

CVE-2017-6829

The decodeSample function in IMA.cpp in Audio File Library aka audiofile 0.3.6 allows remote attackers to cause a denial of service crash via a crafted file...