CVE-2017-6839

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-6839
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-6839.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-6839
Downstream
Related
Published
2017-03-20T16:59:03Z
Modified
2025-11-05T00:59:47.221388Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.

References

Affected packages

Git / github.com/antlarr/audiofile

Affected ranges

Type
GIT
Repo
https://github.com/antlarr/audiofile
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
beacc44eb8cdf6d58717ec1a5103c5141f1b37f9

Affected versions

audiofile-0.*

audiofile-0.2.1
audiofile-0.2.2
audiofile-0.2.3
audiofile-0.2.4
audiofile-0.2.5
audiofile-0.2.6
audiofile-0.2.7
audiofile-0.3.0
audiofile-0.3.1
audiofile-0.3.2
audiofile-0.3.3
audiofile-0.3.4
audiofile-0.3.5
audiofile-0.3.6

Database specific

vanir_signatures

[
    {
        "id": "CVE-2017-6839-09423e28",
        "source": "https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9",
        "signature_version": "v1",
        "target": {
            "file": "libaudiofile/modules/MSADPCM.cpp",
            "function": "decodeSample"
        },
        "deprecated": false,
        "digest": {
            "length": 493.0,
            "function_hash": "269378770409608965799137787203291963241"
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2017-6839-4a956557",
        "source": "https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9",
        "signature_version": "v1",
        "target": {
            "file": "libaudiofile/modules/BlockCodec.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "220852203486854632259114265972360760882",
                "99487366264287345918979816126119704450",
                "203135819436998624112124062812465545103",
                "290752388438649776315062149186752115589",
                "223677950085970125698748963094553482553"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2017-6839-5f755c9b",
        "source": "https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9",
        "signature_version": "v1",
        "target": {
            "file": "libaudiofile/modules/BlockCodec.cpp",
            "function": "BlockCodec::runPull"
        },
        "deprecated": false,
        "digest": {
            "length": 735.0,
            "function_hash": "37086987969042278410115995477574460137"
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2017-6839-a929498a",
        "source": "https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9",
        "signature_version": "v1",
        "target": {
            "file": "libaudiofile/modules/MSADPCM.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "43809085715164095328447423597818484676",
                "137557301359463687782343477738570082876",
                "185036624536393529378376644066663832280",
                "211276807452206746346985070771586213487",
                "14484044583302034278140276155491173105",
                "213509923562726303155028634844162934",
                "309046715169230641191913926761287537935",
                "64993564676721580550357825334597848791",
                "272562106273374523620155220607225095131",
                "43487972156410142414004002451423037967",
                "200613406044906385704156883707001193345",
                "262676619024757633390326687973804762347",
                "81836241829782013104676594440901035105",
                "52275635500431997119244442051151445389",
                "317689651742301767301724927393694340567",
                "283752304825159227858715702157587810050",
                "305910223421070458860802885755228187437",
                "337712090481844601611814139825148700405",
                "176892919657852793178371683718377101479",
                "178760306780470800654701465275712660647",
                "34501833741225456506366995458220628937",
                "208509645371920523152770363137329176484",
                "256228787465506085387718565166232233310",
                "244212447714037888948794784204291158807",
                "262730227877744945216748071566545358210"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2017-6839-cee1ba4c",
        "source": "https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9",
        "signature_version": "v1",
        "target": {
            "file": "libaudiofile/modules/MSADPCM.cpp",
            "function": "MSADPCM::decodeBlock"
        },
        "deprecated": false,
        "digest": {
            "length": 1490.0,
            "function_hash": "137115012056432832236390293459518966179"
        },
        "signature_type": "Function"
    }
]

Git / github.com/mpruett/audiofile

Affected ranges

Type
GIT
Repo
https://github.com/mpruett/audiofile
Events
Introduced
0 Unknown introduced commit / All previous commits are affected