CVE-2017-16942 — Divide By Zero in Libsndfile

CWE-369 — Divide By Zero9 documents7 sources

Severity

6.5MEDIUMNVD

OSV9.8

EPSS

0.2%

top 64.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libsndfile Project Libsndfile Debian Libsndfile

Timeline

PublishedNov 25

Latest updateMay 14

Description

In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/libsndfile< libsndfile 1.0.27-1 (bookworm)

▶Debianlibsndfile_project/libsndfile< 1.0.27-1+3

▶Ubuntulibsndfile_project/libsndfile< 1.0.25-10ubuntu0.16.04.3+1

▶NVDlibsndfile_project/libsndfile1.0.25

🔴Vulnerability Details

GHSA

GHSA-m7qj-97rw-rxp3: In libsndfile 1↗2022-05-14

▶

OSV

libsndfile vulnerabilities↗2021-01-26

▶

OSV

CVE-2017-16942: In libsndfile 1↗2017-11-25

▶

📋Vendor Advisories

Ubuntu

libsndfile vulnerabilities↗2021-01-26

▶

Ubuntu

libsndfile vulnerabilities↗2019-06-10

▶

Red Hat

libsndfile: divide-by-zero error in wav_w64_read_fmt_chunk()↗2017-11-25

▶

Debian

CVE-2017-16942: libsndfile - In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the fun...↗2017

▶

💬Community

Bugzilla

CVE-2017-16942 libsndfile: divide-by-zero error in wav_w64_read_fmt_chunk()↗2017-11-27

▶