SB2017060513 - Fedora 25 update for libsndfile

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017060513

SB2017060513 - Fedora 25 update for libsndfile

Published: June 5, 2017 Updated: April 24, 2025

Security Bulletin ID SB2017060513
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Partial DoS

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 vulnerabilities.


1) Heap-based buffer overflow (CVE-ID: CVE-2017-8363)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to heap-based buffer over-read in the flac_buffer_copy function in flac.c in libsndfile. A remote attacker can send a specially crafted audio file, trick the victim into opening it, trigger memory corruption and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

2) Buffer over-read (CVE-ID: CVE-2017-8365)

CWE-ID: CWE-126 - Buffer over-read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to buffer over-read in the i2les_array function in pcm.c in libsndfile. A remote attacker can send a specially crafted audio file, trick the victim into opening it and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

3) Out-of-bounds read (CVE-ID: CVE-2017-8362)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read in the flac_buffer_copy function in flac.c. A remote attacker can send a specially crafted audio file, trick the victim into opening it and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

4) Buffer overflow (CVE-ID: CVE-2017-8361)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to buffer overflow in the flac_buffer_copy function in flac.c. A remote attacker can send a specially crafted audio file, trick the victim into opening it, trigger memory corruption and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

References