CVE-2017-8361Improper Restriction of Operations within the Bounds of a Memory Buffer in Libsndfile

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow12 documents10 sources
Severity
8.8HIGHNVD
EPSS
1.5%
top 18.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Libsndfile Project LibsndfileDebian LibsndfileDebian Linux+3 more
Timeline
PublishedApr 30
Latest updateMay 14

Description

The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

debiandebian/libsndfile< libsndfile 1.0.27-3 (bookworm)
Debianlibsndfile_project/libsndfile< 1.0.27-3+3

Also affects: Debian Linux 8.0

Patches

Patch: blogs.gentoo.orgPatch: blogs.gentoo.org

🔴Vulnerability Details

2
GHSA
GHSA-p53r-qcgq-cr5q: The flac_buffer_copy function in flac2022-05-14
OSV
CVE-2017-8361: The flac_buffer_copy function in flac2017-04-30

📋Vendor Advisories

4
Ubuntu
libsndfile vulnerabilities2017-06-01
Red Hat
libsndfile: Buffer overflow in the flac_buffer_copy function2017-04-29
Microsoft
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via 2017-04-11
Debian
CVE-2017-8361: libsndfile - The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attac...2017

🕵️Threat Intelligence

1
Threat Intel
Nexus Zeta

💬Community

2
Bugzilla
CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 libsndfile: various flaws [fedora-all]2017-05-10
Bugzilla
CVE-2017-8361 libsndfile: Buffer overflow in the flac_buffer_copy function2017-05-10