PublicDateAtUSN: 2017-04-12
Candidate: CVE-2017-7742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7742
https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/
https://usn.ubuntu.com/usn/usn-3306-1
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function
(flac.c) can be exploited to cause a segmentation violation (with read
memory access) via a specially crafted FLAC file during a resample attempt,
a similar issue to CVE-2017-7585.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860255
Discovered-by: Agostino Sarubbo
upstream: https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0
upstream_libsndfile: released (1.0.27-3)
precise_libsndfile: ignored (reached end-of-life)
precise/esm_libsndfile: DNE (precise was needed)
trusty_libsndfile: released (1.0.25-7ubuntu2.2)
vivid/stable-phone-overlay_libsndfile: ignored (reached end-of-life)
vivid/ubuntu-core_libsndfile: DNE
xenial_libsndfile: released (1.0.25-10ubuntu0.16.04.1)
yakkety_libsndfile: released (1.0.25-10ubuntu0.16.10.1)
zesty_libsndfile: released (1.0.27-1ubuntu0.1)
devel_libsndfile: not-affected (1.0.27-3)