CVE-2017-6831

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-6831
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-6831.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-6831
Downstream
Related
Published
2017-03-20T16:59:02Z
Modified
2025-09-19T09:05:39.087526Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

References

Affected packages

Git / github.com/antlarr/audiofile

Affected ranges

Type
GIT
Repo
https://github.com/antlarr/audiofile
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6
Type
GIT
Repo
https://github.com/mpruett/audiofile
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0fded995a7a29aac46bda56c84555048305c6bf8
Last affected
2ff39015082e33b97e546c30ecb4170cd73b3285
Last affected
382ed422033d53bd711ace66394c5249a5e214a4
Last affected
7113d9f09177e5f1919698fa4610936b0b0013b1
Last affected
bae63371740e659b25d3b780f059dcafdef9b25b
Last affected
d19a5ace5ae891c778cbc710d78634de6084b846
Last affected
f7d4869217acf7f4771d148002d4287f31e1c2d8
Last affected
fe639fca31befbfbdf1bf45c7593fff1386d67da

Affected versions

audiofile-0.*

audiofile-0.2.1
audiofile-0.2.2
audiofile-0.2.3
audiofile-0.2.4
audiofile-0.2.5
audiofile-0.2.6
audiofile-0.2.7
audiofile-0.3.0
audiofile-0.3.1
audiofile-0.3.2
audiofile-0.3.3
audiofile-0.3.4
audiofile-0.3.5
audiofile-0.3.6

Database specific 

{
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6",
            "target": {
                "file": "libaudiofile/WAVE.cpp"
            },
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "331470145967194600774318625752253890445",
                    "232798939947800200754239479194282584567",
                    "219950778595101875391487318990529141915",
                    "9931794692818815536740976616195528411",
                    "313616948841340480450728645639032661791",
                    "185358438352405145440304294832130766911",
                    "668093673687982700959098601548676743",
                    "221765431166475582793187396825314521101"
                ]
            },
            "id": "CVE-2017-6831-314568ec"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6",
            "target": {
                "file": "libaudiofile/WAVE.cpp",
                "function": "WAVEFile::parseFormat"
            },
            "signature_version": "v1",
            "digest": {
                "function_hash": "90884721003669009012809751076469776921",
                "length": 5810.0
            },
            "id": "CVE-2017-6831-571136c3"
        }
    ]
}