CVE-2017-7742 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libsndfile

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125 — Out-of-bounds Read7 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 42.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libsndfile Project Libsndfile Debian Libsndfile

Timeline

PublishedApr 12

Latest updateMay 17

Description

In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/libsndfile< libsndfile 1.0.27-3 (bookworm)

▶Debianlibsndfile_project/libsndfile< 1.0.27-3+3

▶NVDlibsndfile_project/libsndfile1.0.27

Patches

Patch: blogs.gentoo.org ↗Patch: github.com ↗Patch: blogs.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-c3h5-xmq3-3g76: In libsndfile before 1↗2022-05-17

▶

OSV

CVE-2017-7742: In libsndfile before 1↗2017-04-12

▶

📋Vendor Advisories

Ubuntu

libsndfile vulnerabilities↗2017-06-01

▶

Red Hat

libsndfile: Invalid memory read in flac_buffer_copy function↗2017-04-11

▶

Debian

CVE-2017-7742: libsndfile - In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac...↗2017

▶

💬Community

Bugzilla

CVE-2017-7742 libsndfile: Invalid memory read in flac_buffer_copy function↗2017-04-13

▶