CVE-2018-17097 — Double Free in Soundtouch

CWE-415 — Double Free CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents7 sources

Severity

8.8HIGHNVD

OSV5.5

EPSS

0.7%

top 26.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Surina Soundtouch Debian Soundtouch

Timeline

PublishedSep 16

Latest updateMay 14

Description

The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/soundtouch< soundtouch 2.1.2+ds1-1 (bookworm)

▶Debiansurina/soundtouch< 2.1.2+ds1-1+3

▶Ubuntusurina/soundtouch< 1.7.1-5ubuntu0.1~esm1+2

▶NVDsurina/soundtouch2.0.0

🔴Vulnerability Details

GHSA

GHSA-543f-3ch5-q2rw: The WavFileBase class in WavFile↗2022-05-14

▶

OSV

soundtouch vulnerabilities↗2021-03-15

▶

OSV

CVE-2018-17097: The WavFileBase class in WavFile↗2018-09-16

▶

📋Vendor Advisories

Ubuntu

SoundTouch vulnerabilities↗2021-03-15

▶

Red Hat

soundtouch: Out-of-bounds heap write in WavOutFile::write()↗2018-09-17

▶

Debian

CVE-2018-17097: soundtouch - The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows re...↗2018

▶

💬Community

Bugzilla

CVE-2018-17097 soundtouch: Out-of-bounds heap write in WavOutFile::write()↗2018-09-19

▶

Bugzilla

CVE-2018-17096 soundtouch: Assertion failure in BPMDetect class in BPMDetect.cpp↗2018-09-19

▶

Bugzilla

CVE-2018-17097 soundtouch: Double free in WavFileBase class in WavFile.cpp [epel-6]↗2018-09-19

▶

Bugzilla

CVE-2018-17098 soundtouch: Heap corruption in WavFileBase class in WavFile.cpp↗2018-09-19

▶

Bugzilla

CVE-2018-17097 soundtouch: Double free in WavFileBase class in WavFile.cpp [fedora-all]↗2018-09-19

▶