Main Vulnerability Database SB2019012515

SB2019012515 - OpenSUSE Linux update for soundtouch

Published: January 25, 2019

Security Bulletin ID SB2019012515

Severity

High

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Double-free error (CVE-ID: CVE-2018-17097)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to double-free error in WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch. A remote attacker can send specially crafted input and cause the application exit, as demonstrated by SoundStretch.

2) Heap-based buffer overflow (CVE-ID: CVE-2018-17098)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to heap-based buffer overflow in WavFileBase class in WavFile.cpp in in Olli Parviainen SoundTouch. A remote attacker can send specially crafted input, trigger memory corruption and cause the application exit, as demonstrated by SoundStretch.

Remediation

Install update from vendor's website.

References

https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00032.html