CVE-2017-16942

Published: 25 November 2017

In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.

Priority

CVSS 3 base score: 6.5

Status

Package	Release	Status
libsndfile Launchpad, Ubuntu, Debian	artful	Not vulnerable (1.0.28-4)
	bionic	Not vulnerable
	cosmic	Not vulnerable
	disco	Not vulnerable
	eoan	Not vulnerable
	focal	Not vulnerable
	groovy	Not vulnerable
	precise	Does not exist
	trusty	Released (1.0.25-7ubuntu2.2+esm1)
	upstream	Released (1.0.27-1)
	xenial	Released (1.0.25-10ubuntu0.16.04.2)
	zesty	Ignored (reached end-of-life)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16942
https://ubuntu.com/security/notices/USN-4013-1
https://ubuntu.com/security/notices/USN-4704-1
NVD
Launchpad
Debian

Bugs

https://github.com/erikd/libsndfile/issues/341

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›