CVE-2017-16942

Published: 25 November 2017

In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.

Priority

Negligible

CVSS 3 base score: 6.5

Status

Package: libsndfile
Release status:

Upstream: Released (1.0.27-1)
Ubuntu 20.10 (Groovy Gorilla): Not vulnerable
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable
Ubuntu 16.04 ESM (Xenial Xerus): Released (1.0.25-10ubuntu0.16.04.2)
Ubuntu 14.04 ESM (Trusty Tahr): Released (1.0.25-7ubuntu2.2+esm1)

Patches:
Upstream: https://github.com/erikd/libsndfile/commit/a0177b4076642fd92a3bc6409debcbd0ae7f32ac