Candidate: CVE-2017-12562
PublicDate: 2017-08-05
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12562
Description:
Heap-based Buffer Overflow in the psf_binheader_writef function in common.c
in libsndfile through 1.0.28 allows remote attackers to cause a denial of
service (application crash) or possibly have unspecified other impact.
Ubuntu-Description:
Notes:
mdeslaur> Debian's patch in 1.0.28-3 doesn't match the upstream patch.
mdeslaur> need to investigate further, looks like parts are missing.
mdeslaur>
mdeslaur> reproducer in upstream bug report.
Bugs:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869166
https://github.com/erikd/libsndfile/issues/292
Priority: low
Discovered-by:
Assigned-to:
Patches_libsndfile:
upstream: https://github.com/erikd/libsndfile/commit/cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8
upstream_libsndfile: released (1.0.28-3)
precise/esm_libsndfile: DNE
trusty_libsndfile: needed
vivid/ubuntu-core_libsndfile: DNE
xenial_libsndfile: needed
zesty_libsndfile: needed
devel_libsndfile: not-affected (1.0.28-3)