This update for soundtouch fixes the following issues:
- CVE-2018-17098: The WavFileBase class allowed remote attackers to cause
a denial of service (heap corruption from size inconsistency) or
possibly have unspecified other impact, as demonstrated by SoundStretch.
(bsc#1108632)
- CVE-2018-17097: The WavFileBase class allowed remote attackers to cause
a denial of service (double free) or possibly have unspecified other
impact, as demonstrated by SoundStretch. (double free) (bsc#1108631)
- CVE-2018-17096: The BPMDetect class allowed remote attackers to cause a
denial of service (assertion failure and application exit), as
demonstrated by SoundStretch. (bsc#1108630)
- CVE-2018-1000223: soundtouch contained a Buffer Overflow vulnerability
in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result
in arbitrary code execution. This attack appear to be exploitable via
victim must open maliocius file in soundstretch utility. (boo#1103676)