
Test ID: 1.3.6.1.4.1.25623.1.0.891618
Category: Debian Local Security Checks
Title: Debian LTS Advisory ([SECURITY] [DLA 1618-1] libsndfile security update)
Description:
Summary:
Multiple vulnerabilities have been found in libsndfile, the library for
reading and writing files containing sampled sound.

CVE-2017-8361

The flac_buffer_copy function (flac.c) is affected by a buffer
overflow. This vulnerability might be leveraged by remote attackers to
cause a denial of service, or possibly have unspecified other impact
via a crafted audio file.

CVE-2017-8362

The flac_buffer_copy function (flac.c) is affected by an out-of-bounds
read vulnerability. This flaw might be leveraged by remote attackers to
cause a denial of service via a crafted audio file.

CVE-2017-8363

The flac_buffer_copy function (flac.c) is affected by a heap-based OOB
read vulnerability. This flaw might be leveraged by remote attackers to
cause a denial of service via a crafted audio file.

CVE-2017-8365

The i2les_array function (pcm.c) is affected by a global buffer
overflow. This vulnerability might be leveraged by remote attackers to
cause a denial of service, or possibly have unspecified other impact
via a crafted audio file.

CVE-2017-14245
CVE-2017-14246
CVE-2017-17456
CVE-2017-17457

The d2alaw_array() and d2ulaw_array() functions (src/ulaw.c and
src/alaw.c) are affected by an out-of-bounds read vulnerability. This
flaw might be leveraged by remote attackers to cause denial of service
or information disclosure via a crafted audio file.

CVE-2017-14634

The double64_init() function (double64.c) is affected by a
divide-by-zero error. This vulnerability might be leveraged by remote
attackers to cause denial of service via a crafted audio file.

CVE-2018-13139

The psf_memset function (common.c) is affected by a stack-based buffer
overflow. This vulnerability might be leveraged by remote attackers to
cause a denial of service, or possibly have unspecified other impact
via a crafted audio file. The vulnerability can be triggered by the
executable sndfile-deinterleave.

CVE-2018-19432

The sf_write_int function (src/sndfile.c) is affected by an
out-of-bounds read vulnerability. This flaw might be leveraged by
remote attackers to cause a denial of service via a crafted audio file.

CVE-2018-19661
CVE-2018-19662

The i2alaw_array() and i2ulaw_array() functions (src/ulaw.c and
src/alaw.c) are affected by an out-of-bounds read vulnerability. This
flaw might be leveraged by remote attackers to cause denial of service
or information disclosure via a crafted audio file.

Affected Software/OS:
libsndfile on Debian Linux

Solution:
For Debian 8 'Jessie', these problems have been fixed in version
1.0.25-9.1+deb8u2.

We recommend that you upgrade your libsndfile packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2017-8361
https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html
https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/
https://security.gentoo.org/glsa/201811-23
Common Vulnerability Exposure (CVE) ID: CVE-2017-8362
https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/
Common Vulnerability Exposure (CVE) ID: CVE-2017-8363
https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/
Common Vulnerability Exposure (CVE) ID: CVE-2017-8365
https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/
Copyright: Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net


© 1998-2019 E-Soft Inc. All rights reserved.