Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-9260Out-of-bounds Read in Soundtouch

CWE-125Out-of-bounds ReadCWE-122Heap-based Buffer Overflow11 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
3.2%
top 13.04%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Surina SoundtouchDebian Soundtouch
Timeline
PublishedJul 27
Latest updateMay 13

Description

The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

debiandebian/soundtouch< soundtouch 1.9.2-3 (bookworm)
Debiansurina/soundtouch< 1.9.2-3+3
Ubuntusurina/soundtouch< 1.7.1-5ubuntu0.1~esm1+2

🔴Vulnerability Details

3
GHSA
GHSA-9rgh-72f4-pjm6: The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized2022-05-13
OSV
soundtouch vulnerabilities2021-03-15
OSV
CVE-2017-9260: The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized2017-07-27

💥Exploits & PoCs

1
Exploit-DB
SoundTouch 1.9.2 - Multiple Vulnerabilities2017-07-28

📋Vendor Advisories

3
Ubuntu
SoundTouch vulnerabilities2021-03-15
Red Hat
soundtouch: Heap-buffer over-read in the TDStretchSSE::calcCrossCorr function2017-07-26
Debian
CVE-2017-9260: soundtouch - The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp ...2017

💬Community

3
Bugzilla
CVE-2017-9258 CVE-2017-9259 CVE-2017-9260 soundtouch: various flaws [fedora-all]2017-07-27
Bugzilla
CVE-2017-9260 soundtouch: Heap-buffer over-read in the TDStretchSSE::calcCrossCorr function2017-07-27
Bugzilla
CVE-2017-9258 CVE-2017-9259 CVE-2017-9260 soundtouch: various flaws [epel-6]2017-07-27