CVE-2017-6829

Published: 13 March 2017

The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
audiofile Launchpad, Ubuntu, Debian	Upstream	Released (0.3.6-4)





	Ubuntu 16.04 ESM (Xenial Xerus)	Released (0.3.6-2ubuntu0.16.04.1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Released (0.3.6-2ubuntu0.14.04.2)
	Patches: Upstream: https://github.com/mpruett/audiofile/pull/43/commits/25eb00ce913452c2e614548d7df93070bf0d066f

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829
https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp
https://ubuntu.com/security/notices/USN-3241-1
NVD
Launchpad
Debian

Bugs

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651
https://github.com/mpruett/audiofile/issues/33
https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1674005
https://bugzilla.opensuse.org/show_bug.cgi?id=1026981

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›