Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-9259Uncontrolled Resource Consumption in Soundtouch

CWE-400Uncontrolled Resource Consumption11 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
3.6%
top 12.24%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Surina SoundtouchDebian Soundtouch
Timeline
PublishedJul 27
Latest updateMay 17

Description

The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

debiandebian/soundtouch< soundtouch 1.9.2-3 (bookworm)
Debiansurina/soundtouch< 1.9.2-3+3
Ubuntusurina/soundtouch< 1.7.1-5ubuntu0.1~esm1+2

🔴Vulnerability Details

3
GHSA
GHSA-7jfp-3wf8-63w9: The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch2022-05-17
OSV
soundtouch vulnerabilities2021-03-15
OSV
CVE-2017-9259: The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch2017-07-27

💥Exploits & PoCs

1
Exploit-DB
SoundTouch 1.9.2 - Multiple Vulnerabilities2017-07-28

📋Vendor Advisories

3
Ubuntu
SoundTouch vulnerabilities2021-03-15
Red Hat
soundtouch: Memory allocation error in the TDStretch::acceptNewOverlapLength function2017-07-26
Debian
CVE-2017-9259: soundtouch - The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cp...2017

💬Community

3
Bugzilla
CVE-2017-9258 CVE-2017-9259 CVE-2017-9260 soundtouch: various flaws [fedora-all]2017-07-27
Bugzilla
CVE-2017-9258 CVE-2017-9259 CVE-2017-9260 soundtouch: various flaws [epel-6]2017-07-27
Bugzilla
CVE-2017-9259 soundtouch: Memory allocation error in the TDStretch::acceptNewOverlapLength function2017-07-27