CVE-2017-14634 — Divide By Zero in Libsndfile

CWE-369 — Divide By Zero13 documents9 sources

Severity

6.5MEDIUMNVD

OSV9.8

EPSS

1.2%

top 21.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libsndfile Project Libsndfile Debian Libsndfile Debian Linux +3 more

Timeline

PublishedSep 21

Latest updateMay 13

Description

In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

▶debiandebian/libsndfile< libsndfile 1.0.28-5 (bookworm)

▶Debianlibsndfile_project/libsndfile< 1.0.28-5+3

▶Ubuntulibsndfile_project/libsndfile< 1.0.25-10ubuntu0.16.04.3+1

▶NVDlibsndfile_project/libsndfile1.0.28

▶msrcmsrc/cm1_libsndfile_1.0.31-1_on_cbl_mariner_1.0

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-wqmq-9gvf-cgxr: In libsndfile 1↗2022-05-13

▶

OSV

libsndfile vulnerabilities↗2021-01-26

▶

CVEList

CVE-2017-14634: In libsndfile 1↗2017-09-21

▶

OSV

CVE-2017-14634: In libsndfile 1↗2017-09-21

▶

📋Vendor Advisories

Ubuntu

libsndfile vulnerabilities↗2021-01-26

▶

Ubuntu

libsndfile vulnerabilities↗2019-06-10

▶

Red Hat

libsndfile: Divide-by-zero in the double64_init() function↗2017-09-14

▶

Microsoft

In libsndfile 1.0.28 a divide-by-zero error exists in the function double64_init() in double64.c which may lead to DoS when playing a crafted audio file.↗2017-09-12

▶

Debian

CVE-2017-14634: libsndfile - In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_ini...↗2017

▶

💬Community

Bugzilla

CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 libsndfile: various flaws [fedora-all]↗2017-10-09

▶

Bugzilla

CVE-2017-14634 libsndfile: Divide-by-zero in the double64_init() function↗2017-10-09

▶