PublicDateAtUSN: 2017-03-14
Candidate: CVE-2017-6838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838
https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
http://www.openwall.com/lists/oss-security/2017/03/13/9
https://usn.ubuntu.com/usn/usn-3241-1
Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka
audiofile) 0.3.6 allows remote attackers to cause a denial of service
(crash) via a crafted file.
https://github.com/mpruett/audiofile/issues/41
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651
https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1674005
Discovered-by: Agostino Sarubbo
upstream: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
upstream: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
upstream_audiofile: released (0.3.6-4)
precise_audiofile: released (0.3.3-2ubuntu0.3)
trusty_audiofile: released (0.3.6-2ubuntu0.14.04.2)
vivid/stable-phone-overlay_audiofile: DNE
vivid/ubuntu-core_audiofile: DNE
xenial_audiofile: released (0.3.6-2ubuntu0.16.04.1)
yakkety_audiofile: released (0.3.6-3ubuntu0.1)
devel_audiofile: not-affected (0.3.6-4)