CVE-2017-7741
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-7741
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7741.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-7741
- Downstream
- Related
- Published
- 2017-04-12T18:59:00Z
- Modified
- 2025-09-19T09:08:26.699587Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In libsndfile before 1.0.28, an error in the "flacbuffercopy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
- References
Affected packages
Alpine:v3.10
libsndfile
Alpine:v3.11
libsndfile
Alpine:v3.12
libsndfile
Alpine:v3.13
libsndfile
Alpine:v3.14
libsndfile
Alpine:v3.15
libsndfile
Alpine:v3.16
libsndfile
Alpine:v3.17
libsndfile
Alpine:v3.18
libsndfile
Alpine:v3.19
libsndfile
Alpine:v3.2
libsndfile
Alpine:v3.20
libsndfile
Alpine:v3.21
libsndfile
Alpine:v3.22
libsndfile
Alpine:v3.3
libsndfile
Alpine:v3.4
libsndfile
Alpine:v3.5
libsndfile
Alpine:v3.6
libsndfile
Alpine:v3.7
libsndfile
Alpine:v3.8
libsndfile
Alpine:v3.9
libsndfile
Git
github.com/erikd/libsndfile
Affected ranges
- Type
- GIT
- Repo
- https://github.com/erikd/libsndfile
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Type
- GIT
- Repo
- https://github.com/libsndfile/libsndfile
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
{
"vanir_signatures": [
{
"source": "https://github.com/libsndfile/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2017-7741-1b2d10b9",
"target": {
"file": "src/flac.c",
"function": "flac_read_loop"
},
"digest": {
"function_hash": "169080564912528090674624408017457554629",
"length": 496.0
},
"signature_type": "Function"
},
{
"source": "https://github.com/libsndfile/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2017-7741-cd721512",
"target": {
"file": "src/flac.c"
},
"digest": {
"line_hashes": [
"109114571929507273310220021172740815815",
"76368128462217476998474735940412218708",
"303874596321044913956374893106939443276",
"264720290231741206551401345704081189001",
"135197557860603977353365421121237074332",
"263717283414918463731512000258528158035",
"99473988875365107291149998678668723177",
"199401478924829965301066403515308793905",
"59203162092611165790685795512464043510",
"19630209495980016236699389021759122784",
"127472803089175278493327389638594133972",
"195930973569973496231622457582848119489",
"91490283884465664276103671799831603059",
"13944221043548351812104027530949724896",
"109574527705998071928987124103849904768",
"227635834078458020049011341189234464981",
"199122207842648883783322305368703206147",
"836793104164813475992833902021667257",
"33688393261765994374588592882870440196",
"234433096601653574015743753327543798381",
"91088291842320796586954771010102965668",
"42764800811181595291975281012947374671",
"308076142000906389299207724540468217286",
"128999497043501194925248892451091219059",
"160753735249779509303007042741803534334",
"219704455362068007023001041133111634127",
"214083110146677973311463626405359553833",
"39200702163750044999781941082996055539"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"source": "https://github.com/libsndfile/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2017-7741-fa025f04",
"target": {
"file": "src/flac.c",
"function": "flac_buffer_copy"
},
"digest": {
"function_hash": "58142569931487262227866425697707993698",
"length": 3722.0
},
"signature_type": "Function"
}
]
}