CVE-2017-16942

Published: 25 November 2017

In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.

Priority

Negligible

CVSS 3 base score: 6.5

Status

Package Release Status
libsndfile
Launchpad, Ubuntu, Debian
Upstream
Released (1.0.27-1)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable

Ubuntu 20.10 (Groovy Gorilla) Not vulnerable

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 LTS (Xenial Xerus)
Released (1.0.25-10ubuntu0.16.04.2)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.0.25-7ubuntu2.2+esm1)
Patches:
Upstream: https://github.com/erikd/libsndfile/commit/a0177b4076642fd92a3bc6409debcbd0ae7f32ac