CVE-2017-12562

Published: 05 August 2017

Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

Priority

Low

CVSS 3 base score: 9.8

Status

Package Release Status
libsndfile
Launchpad, Ubuntu, Debian
Upstream
Released (1.0.28-3)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(1.0.28-3)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(1.0.28-3)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(1.0.28-3)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1.0.28-3)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (1.0.25-10ubuntu0.16.04.3)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.0.25-7ubuntu2.2+esm1)
Patches:
Upstream: https://github.com/erikd/libsndfile/commit/cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8

Notes

AuthorNote
mdeslaur
debian's patch in 1.0.28-3 doesn't match the upsteam patch.
need to investigate further, looks like parts are missing.

reproducer in upstream bug report.

References

Bugs