CVE-2017-6839

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-6839
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-6839.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-6839
Downstream
Related
Published
2017-03-20T16:59:03Z
Modified
2025-09-19T09:05:46.246711Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.

References

Affected packages

Git / github.com/antlarr/audiofile

Affected ranges

Type
GIT
Repo
https://github.com/antlarr/audiofile
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
beacc44eb8cdf6d58717ec1a5103c5141f1b37f9
Type
GIT
Repo
https://github.com/mpruett/audiofile
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d19a5ace5ae891c778cbc710d78634de6084b846

Affected versions

audiofile-0.*

audiofile-0.2.1
audiofile-0.2.2
audiofile-0.2.3
audiofile-0.2.4
audiofile-0.2.5
audiofile-0.2.6
audiofile-0.2.7
audiofile-0.3.0
audiofile-0.3.1
audiofile-0.3.2
audiofile-0.3.3
audiofile-0.3.4
audiofile-0.3.5
audiofile-0.3.6

Database specific 

{
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "target": {
                "function": "decodeSample",
                "file": "libaudiofile/modules/MSADPCM.cpp"
            },
            "digest": {
                "function_hash": "269378770409608965799137787203291963241",
                "length": 493.0
            },
            "id": "CVE-2017-6839-09423e28",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "libaudiofile/modules/BlockCodec.cpp"
            },
            "digest": {
                "line_hashes": [
                    "220852203486854632259114265972360760882",
                    "99487366264287345918979816126119704450",
                    "203135819436998624112124062812465545103",
                    "290752388438649776315062149186752115589",
                    "223677950085970125698748963094553482553"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2017-6839-4a956557",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9"
        },
        {
            "signature_type": "Function",
            "target": {
                "function": "BlockCodec::runPull",
                "file": "libaudiofile/modules/BlockCodec.cpp"
            },
            "digest": {
                "function_hash": "37086987969042278410115995477574460137",
                "length": 735.0
            },
            "id": "CVE-2017-6839-5f755c9b",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "libaudiofile/modules/MSADPCM.cpp"
            },
            "digest": {
                "line_hashes": [
                    "43809085715164095328447423597818484676",
                    "137557301359463687782343477738570082876",
                    "185036624536393529378376644066663832280",
                    "211276807452206746346985070771586213487",
                    "14484044583302034278140276155491173105",
                    "213509923562726303155028634844162934",
                    "309046715169230641191913926761287537935",
                    "64993564676721580550357825334597848791",
                    "272562106273374523620155220607225095131",
                    "43487972156410142414004002451423037967",
                    "200613406044906385704156883707001193345",
                    "262676619024757633390326687973804762347",
                    "81836241829782013104676594440901035105",
                    "52275635500431997119244442051151445389",
                    "317689651742301767301724927393694340567",
                    "283752304825159227858715702157587810050",
                    "305910223421070458860802885755228187437",
                    "337712090481844601611814139825148700405",
                    "176892919657852793178371683718377101479",
                    "178760306780470800654701465275712660647",
                    "34501833741225456506366995458220628937",
                    "208509645371920523152770363137329176484",
                    "256228787465506085387718565166232233310",
                    "244212447714037888948794784204291158807",
                    "262730227877744945216748071566545358210"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2017-6839-a929498a",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9"
        },
        {
            "signature_type": "Function",
            "target": {
                "function": "MSADPCM::decodeBlock",
                "file": "libaudiofile/modules/MSADPCM.cpp"
            },
            "digest": {
                "function_hash": "137115012056432832236390293459518966179",
                "length": 1490.0
            },
            "id": "CVE-2017-6839-cee1ba4c",
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9"
        }
    ]
}