MGASA-2017-0168

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0168.html

Import Source

https://advisories.mageia.org/MGASA-2017-0168.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2017-0168

Related

Published

2017-06-12T07:42:23Z

Modified

2017-06-12T07:26:21Z

Summary

Updated libsndfile packages fix security vulnerabilities

Details

A stack-based buffer overflow via a specially crafted FLAC file due to an error in the header_read() function (CVE-2017-7586).

Several stack-based buffer overflows via a specially crafted FLAC file due to an error in the flacbuffercopy() function (CVE-2017-7585, CVE-2017-7741, CVE-2017-7742).

Global buffer overflow in flacbuffercopy() (CVE-2017-8361).

Invalid memory read in flacbuffercopy() (CVE-2017-8362).

Heap-based buffer overflow in flacbuffercopy() (CVE-2017-8363).

The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file (CVE-2017-8365).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2017-0168

Affected packages