CVE-2017-6832

Published: 14 March 2017

Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
audiofile Launchpad, Ubuntu, Debian	precise	Released (0.3.3-2ubuntu0.3)
	trusty	Released (0.3.6-2ubuntu0.14.04.2)
	upstream	Released (0.3.6-4)
	xenial	Released (0.3.6-2ubuntu0.16.04.1)
	yakkety	Released (0.3.6-3ubuntu0.1)
	Patches: upstream: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp
http://www.openwall.com/lists/oss-security/2017/03/13/4
https://ubuntu.com/security/notices/USN-3241-1
NVD
Launchpad
Debian

Bugs

https://github.com/mpruett/audiofile/issues/36
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651
https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1674005

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›