CVE-2017-7742
Summary
| CVE | CVE-2017-7742 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2017-04-12 18:59:00 UTC |
|---|
| Updated | 2017-07-11 01:33:00 UTC |
|---|
| Description | In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| libsndfile: Multiple vulnerabilities (GLSA 201707-04) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| libsndfile: invalid memory READ and invalid memory WRITE in flac_buffer_copy (flac.c) | agostino's blog |
MISC |
blogs.gentoo.org |
Exploit, Patch, Third Party Advisory |
| src/flac.c: Improve error handling · erikd/libsndfile@60b2343 · GitHub |
MISC |
github.com |
Patch |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 500311 Alpine Linux Security Update for libsndfile
- 504079 Alpine Linux Security Update for libsndfile
- 671077 EulerOS Security Update for libsndfile (EulerOS-SA-2019-2513)
- 710429 Gentoo Linux libsndfile Multiple Vulnerabilities (GLSA 201707-04)
