In libsndfile version 1.0.28, an error in the "aiffreadchanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.
{ "vanir_signatures": [ { "digest": { "line_hashes": [ "276301945435074693087199541020521119743", "14628834658780185090095273237249298359", "53720112706389092750735275414534677008", "121306659812678256522025238680806655238" ], "threshold": 0.9 }, "signature_type": "Line", "signature_version": "v1", "id": "CVE-2017-6892-55444977", "target": { "file": "src/aiff.c" }, "source": "https://github.com/libsndfile/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748", "deprecated": false }, { "digest": { "length": 729.0, "function_hash": "331773818688109379266732464428607689228" }, "signature_type": "Function", "signature_version": "v1", "id": "CVE-2017-6892-71c78636", "target": { "file": "src/aiff.c", "function": "aiff_read_chanmap" }, "source": "https://github.com/libsndfile/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748", "deprecated": false } ] }