FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libsndfile -- out-of-bounds read memory access

Affected packages
libsndfile < 1.0.28_2
linux-c6-libsndfile < 1.0.28_2
linux-c7-libsndfile < 1.0.28_2

Details

VuXML ID 004debf9-1d16-11e8-b6aa-4ccc6adda413
Discovery 2017-05-23
Entry 2018-03-01

Laurent Delosieres, Secunia Research at Flexera Software reports:

Secunia Research has discovered a vulnerability in libsndfile, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error in the "aiff_read_chanmap()" function (src/aiff.c), which can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file. The vulnerability is confirmed in version 1.0.28. Other versions may also be affected.

References

CVE Name CVE-2017-6892
URL https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748
URL https://nvd.nist.gov/vuln/detail/CVE-2017-6892
URL https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/
