CVE-2018-17098
Published: 16 September 2018
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch.
From the Ubuntu Security Team
It was discovered that SoundTouch incorrectly handled certain WAV files. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
soundtouch Launchpad, Ubuntu, Debian |
bionic |
Released
(1.9.2-3ubuntu0.1~esm1)
Available with Ubuntu Pro |
| cosmic |
Ignored
(end of life)
|
|
| disco |
Released
(2.1.2+ds1-1)
|
|
| eoan |
Released
(2.1.2+ds1-1)
|
|
| focal |
Released
(2.1.2+ds1-1)
|
|
| groovy |
Released
(2.1.2+ds1-1)
|
|
| hirsute |
Released
(2.1.2+ds1-1)
|
|
| impish |
Released
(2.1.2+ds1-1)
|
|
| jammy |
Released
(2.1.2+ds1-1)
|
|
| kinetic |
Released
(2.1.2+ds1-1)
|
|
| lunar |
Released
(2.1.2+ds1-1)
|
|
| trusty |
Released
(1.7.1-5ubuntu0.1~esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Needs triage
|
|
| xenial |
Released
(1.9.2-2+deb9u1ubuntu0.1~esm1)
Available with Ubuntu Pro |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 8.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |