CVE-2017-6839

Published: 14 March 2017

Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.

Priority

Medium

CVSS 3 base score: 5.5

Status

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839
• https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
• http://www.openwall.com/lists/oss-security/2017/03/13/9
• https://ubuntu.com/security/notices/USN-3241-1
• NVD
• Launchpad
• Debian

Bugs

• https://github.com/mpruett/audiofile/issues/41
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651
• https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1674005