SB2017041417 - Denial of service in libsndfile (Alpine package)
Published: April 14, 2017
Security Bulletin ID
SB2017041417
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Denial of service (CVE-ID: CVE-2017-7742)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to a read memory access flaw in the flac_buffer_copy function in flac.c. A remote attacker can send a specially crafted FLAC file, trick the victim into opening it, trigger a segmentation violation and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=2272f43516da3b21db1048c3b8ffdc96a084c175
- https://git.alpinelinux.org/aports/commit/?id=a26f59185b03aab7c54f2f2c1af61547cb26902a
- https://git.alpinelinux.org/aports/commit/?id=eca01df34c7377001329ab44e76e8652094cd4be
- https://git.alpinelinux.org/aports/commit/?id=49b4ba77c180eea380f7eb5db100fc83162143e5
- https://git.alpinelinux.org/aports/commit/?id=6916b57a3b0b5200fbcd5f6b22a9d21bbe9098d6
- https://git.alpinelinux.org/aports/commit/?id=1ad78b64ab837de1859c7e3cd0da1ebf1852c6b7
- https://git.alpinelinux.org/aports/commit/?id=6b7f756b4b5ffe15bac1619bafc5a1eefe7f8b52
- https://git.alpinelinux.org/aports/commit/?id=a6f844f8d0fbeeb5f6fc61e90b7bfb343809e60a