CVE-2017-6888

Published: 25 April 2018

An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.

Notes

Author	Note
mdeslaur	code is different in chromium-browser, doesn't look affected

Priority

Cvss 3 Severity Score

5.5

Score breakdown

Status

Package	Release	Status
android Launchpad, Ubuntu, Debian	artful	Does not exist
	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was ignored [abandoned])
	upstream	Needs triage
	xenial	Ignored (abandoned)
chromium-browser Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Not vulnerable (code not present)
	cosmic	Not vulnerable (code not present)
	disco	Not vulnerable (code not present)
	eoan	Not vulnerable (code not present)
	focal	Not vulnerable (code not present)
	groovy	Not vulnerable (code not present)
	hirsute	Not vulnerable (code not present)
	impish	Not vulnerable (code not present)
	jammy	Not vulnerable (code not present)
	kinetic	Not vulnerable (code not present)
	precise	Does not exist
	trusty	Does not exist (trusty was not-affected [code not present])
	upstream	Released
	xenial	Not vulnerable (code not present)
flac Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Released (1.3.2-1ubuntu0.1)
	cosmic	Ignored (reached end-of-life)
	disco	Not vulnerable (1.3.2-3)
	eoan	Ignored (reached end-of-life)
	focal	Not vulnerable (1.3.3-1build1)
	groovy	Ignored (reached end-of-life)
	hirsute	Ignored (reached end-of-life)
	impish	Ignored (reached end-of-life)
	jammy	Not vulnerable (1.3.3-2build2)
	kinetic	Not vulnerable (1.3.4-2)
	precise	Does not exist
	trusty	Released (1.3.0-2ubuntu0.14.04.1+esm1)
	upstream	Released (1.3.3)
	xenial	Released (1.3.1-4ubuntu0.1~esm1)
	Patches: upstream: https://git.xiph.org/?p=flac.git;a=commit;h=4f47b63e9c971e6391590caf00a0f2a5ed612e67
mame Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Not vulnerable (uses system libflac)
	cosmic	Not vulnerable (uses system libflac)
	disco	Not vulnerable (uses system libflac)
	eoan	Not vulnerable (uses system libflac)
	focal	Not vulnerable (uses system libflac)
	groovy	Not vulnerable (uses system libflac)
	hirsute	Not vulnerable (uses system libflac)
	impish	Not vulnerable (uses system libflac)
	jammy	Not vulnerable (uses system libflac)
	kinetic	Not vulnerable (uses system libflac)
	precise	Does not exist
	trusty	Does not exist (trusty was needs-triage)
	upstream	Not vulnerable (uses system libflac)
	xenial	Not vulnerable (uses system libflac)
oxide-qt Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was ignored [Ubuntu touch end-of-life])
	upstream	Needs triage
	xenial	Ignored (Ubuntu touch end-of-life)
praat Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Needs triage
	cosmic	Ignored (reached end-of-life)
	disco	Ignored (reached end-of-life)
	eoan	Ignored (reached end-of-life)
	focal	Needs triage
	groovy	Ignored (reached end-of-life)
	hirsute	Ignored (reached end-of-life)
	impish	Ignored (reached end-of-life)
	jammy	Needs triage
	kinetic	Needs triage
	precise	Does not exist
	trusty	Does not exist (trusty was needs-triage)
	upstream	Needs triage
	xenial	Needs triage

Severity score breakdown

Parameter	Value
Base score	5.5
Attack vector	Local
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Bugs

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897015

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›