CVE-2017-7742

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-7742
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7742.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-7742
Downstream
Related
Published
2017-04-12T18:59:00Z
Modified
2025-10-15T09:06:14.285247Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In libsndfile before 1.0.28, an error in the "flacbuffercopy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.

References

Affected packages

Git / github.com/libsndfile/libsndfile

Affected ranges

Type
GIT
Repo
https://github.com/libsndfile/libsndfile
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/erikd/libsndfile
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Affected versions

1.*

1.0.25
1.0.26
1.0.27

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "id": "CVE-2017-7742-1b2d10b9",
        "source": "https://github.com/libsndfile/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0",
        "signature_version": "v1",
        "target": {
            "function": "flac_read_loop",
            "file": "src/flac.c"
        },
        "digest": {
            "function_hash": "169080564912528090674624408017457554629",
            "length": 496.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "id": "CVE-2017-7742-cd721512",
        "source": "https://github.com/libsndfile/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0",
        "signature_version": "v1",
        "target": {
            "file": "src/flac.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "109114571929507273310220021172740815815",
                "76368128462217476998474735940412218708",
                "303874596321044913956374893106939443276",
                "264720290231741206551401345704081189001",
                "135197557860603977353365421121237074332",
                "263717283414918463731512000258528158035",
                "99473988875365107291149998678668723177",
                "199401478924829965301066403515308793905",
                "59203162092611165790685795512464043510",
                "19630209495980016236699389021759122784",
                "127472803089175278493327389638594133972",
                "195930973569973496231622457582848119489",
                "91490283884465664276103671799831603059",
                "13944221043548351812104027530949724896",
                "109574527705998071928987124103849904768",
                "227635834078458020049011341189234464981",
                "199122207842648883783322305368703206147",
                "836793104164813475992833902021667257",
                "33688393261765994374588592882870440196",
                "234433096601653574015743753327543798381",
                "91088291842320796586954771010102965668",
                "42764800811181595291975281012947374671",
                "308076142000906389299207724540468217286",
                "128999497043501194925248892451091219059",
                "160753735249779509303007042741803534334",
                "219704455362068007023001041133111634127",
                "214083110146677973311463626405359553833",
                "39200702163750044999781941082996055539"
            ]
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2017-7742-fa025f04",
        "source": "https://github.com/libsndfile/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0",
        "signature_version": "v1",
        "target": {
            "function": "flac_buffer_copy",
            "file": "src/flac.c"
        },
        "digest": {
            "function_hash": "58142569931487262227866425697707993698",
            "length": 3722.0
        },
        "deprecated": false
    }
]