CVE-2017-6892Improper Restriction of Operations within the Bounds of a Memory Buffer in Libsndfile

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-125Out-of-bounds Read11 documents8 sources
Severity
8.8HIGHNVD
OSV9.8
EPSS
2.0%
top 16.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Libsndfile Project LibsndfileDebian LibsndfileFlexera Software LLC Libsndfile+3 more
Timeline
PublishedJun 12
Latest updateMay 13

Description

In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

debiandebian/libsndfile< libsndfile 1.0.28-1 (bookworm)
Debianlibsndfile_project/libsndfile< 1.0.28-1+3
Ubuntulibsndfile_project/libsndfile< 1.0.25-10ubuntu0.16.04.3+1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-7fc7-mjc4-7mmh: In libsndfile version 12022-05-13
OSV
libsndfile vulnerabilities2021-01-26
OSV
CVE-2017-6892: In libsndfile version 12017-06-12

📋Vendor Advisories

5
Ubuntu
libsndfile vulnerabilities2021-01-26
Ubuntu
libsndfile vulnerabilities2019-06-10
Microsoft
In libsndfile version 1.0.28 an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.2017-06-13
Red Hat
libsndfile: Information disclosure via aiff_read_chanmap() function2017-05-23
Debian
CVE-2017-6892: libsndfile - In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (ai...2017

💬Community

2
Bugzilla
CVE-2017-6892 libsndfile: Information disclosure via aiff_read_chanmap() function2017-06-20
Bugzilla
CVE-2017-6892 libsndfile: Information disclosure via aiff_read_chanmap() function [fedora-all]2017-06-20