Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-9258 — Infinite Loop in Soundtouch

CWE-835 — Infinite Loop11 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

2.4%

top 14.90%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Surina Soundtouch Debian Soundtouch

Timeline

PublishedJul 27

Latest updateMay 13

Description

The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/soundtouch< soundtouch 1.9.2-3 (bookworm)

▶Debiansurina/soundtouch< 1.9.2-3+3

▶Ubuntusurina/soundtouch< 1.7.1-5ubuntu0.1~esm1+2

▶NVDsurina/soundtouch1.9.2

🔴Vulnerability Details

GHSA

GHSA-xmx9-mmqw-jcw6: The TDStretch::processSamples function in source/SoundTouch/TDStretch↗2022-05-13

▶

OSV

soundtouch vulnerabilities↗2021-03-15

▶

OSV

CVE-2017-9258: The TDStretch::processSamples function in source/SoundTouch/TDStretch↗2017-07-27

▶

💥Exploits & PoCs

Exploit-DB

SoundTouch 1.9.2 - Multiple Vulnerabilities↗2017-07-28

▶

📋Vendor Advisories

Ubuntu

SoundTouch vulnerabilities↗2021-03-15

▶

Red Hat

soundtouch: Infinite loop in the TDStretch::processSamples function↗2017-07-26

▶

Debian

CVE-2017-9258: soundtouch - The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in Sou...↗2017

▶

💬Community

Bugzilla

CVE-2017-9258 CVE-2017-9259 CVE-2017-9260 soundtouch: various flaws [fedora-all]↗2017-07-27

▶

Bugzilla

CVE-2017-9258 soundtouch: Infinite loop in the TDStretch::processSamples function↗2017-07-27

▶

Bugzilla

CVE-2017-9258 CVE-2017-9259 CVE-2017-9260 soundtouch: various flaws [epel-6]↗2017-07-27

▶