CVE-2018-17097
Published 2018-09-16
Priority: P3 · 37 · high · 8.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 2.84% (84.9th percentile)
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | soundtouch | < soundtouch 2.1.2+ds1-1 (bookworm) | soundtouch 2.1.2+ds1-1 (bookworm) |
| surina | soundtouch | — | — |
| surina | soundtouch | >= 0 < 2.1.2+ds1-1 | 2.1.2+ds1-1 |
| surina | soundtouch | >= 0 < 2.1.2+ds1-1 | 2.1.2+ds1-1 |
| surina | soundtouch | >= 0 < 2.1.2+ds1-1 | 2.1.2+ds1-1 |
| surina | soundtouch | >= 0 < 2.1.2+ds1-1 | 2.1.2+ds1-1 |
| surina | soundtouch | >= 0 < 1.7.1-5ubuntu0.1~esm1 | 1.7.1-5ubuntu0.1~esm1 |
| surina | soundtouch | >= 0 < 1.9.2-2+deb9u1ubuntu0.1~esm1 | 1.9.2-2+deb9u1ubuntu0.1~esm1 |
| surina | soundtouch | >= 0 < 1.9.2-3ubuntu0.1~esm1 | 1.9.2-3ubuntu0.1~esm1 |
CVSS provenance
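| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | LOW | |
| vendor_redhat | | 8.8 | HIGH | |
| vendor_ubuntu | | 5.5 | MEDIUM | |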
Ubuntu
SoundTouch vulnerabilities
vendor_ubuntu·2021-03-15·CVSS 5.5
CVE-2017-9260 [MEDIUM] SoundTouch vulnerabilities
Title: SoundTouch vulnerabilities
Summary: Several security issues were fixed in SoundTouch.
It was discovered that SoundTouch incorrectly handled certain WAV files. A
remote attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 14.04 ESM. (CVE-2017-9258, CVE-2017-9259,
CVE-2017-9260)
It was discovered that SoundTouch incorrectly handled certain WAV files. A
remote attacker could possibly use this issue to cause arbitrary code
execution. (CVE-2018-1000223)
It was discovered that SoundTouch incorrectly handled certain inputs. A
remote attacker could possibly use this issue to cause a denial of service.
(CVE-2018-17096)
It was discovered that SoundTouch incorrectly handled certain WAV files. A
remote attacker could possibly use this issue
Red Hat
soundtouch: Out-of-bounds heap write in WavOutFile::write()
vendor_redhat·2018-09-17·CVSS 8.8
CVE-2018-17097 [HIGH] CWE-119 soundtouch: Out-of-bounds heap write in WavOutFile::write()
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch.
Statement: This issue did not affect the versions of soundtouch as shipped with Red Hat Enterprise Linux 7 as they did not include the vulnerable code.
Package: soundtouch (Red Hat Enterprise Linux 7) - Not affected
Package: soundtouch (Red Hat Enterprise Linux 8) - Fix deferred
Debian
CVE-2018-17097: soundtouch - The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows re...
vendor_debian·2018·CVSS 8.8
CVE-2018-17097 [HIGH] CVE-2018-17097: soundtouch - The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows re...
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch.
Scope: local
bookworm: resolved (fixed in 2.1.2+ds1-1)
bullseye: resolved (fixed in 2.1.2+ds1-1)
forky: resolved (fixed in 2.1.2+ds1-1)
sid: resolved (fixed in 2.1.2+ds1-1)
trixie: resolved (fixed in 2.1.2+ds1-1)
GHSA
GHSA-543f-3ch5-q2rw: The WavFileBase class in WavFile
ghsa_unreviewed·2022-05-14
CVE-2018-17097 [HIGH] CWE-415 GHSA-543f-3ch5-q2rw: The WavFileBase class in WavFile
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch.
OSV
soundtouch vulnerabilities
osv·2021-03-15·CVSS 5.5
CVE-2017-9258 [MEDIUM] soundtouch vulnerabilities
It was discovered that SoundTouch incorrectly handled certain WAV files. A
remote attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 14.04 ESM. (CVE-2017-9258, CVE-2017-9259,
CVE-2017-9260)
It was discovered that SoundTouch incorrectly handled certain WAV files. A
remote attacker could possibly use this issue to cause arbitrary code
execution. (CVE-2018-1000223)
It was discovered that SoundTouch incorrectly handled certain inputs. A
remote attacker could possibly use this issue to cause a denial of service.
(CVE-2018-17096)
It was discovered that SoundTouch incorrectly handled certain WAV files. A
remote attacker could possibly use this issue to cause a denial of service
or other unspecified impact. (CVE-2018
OSV
CVE-2018-17097: The WavFileBase class in WavFile
osv·2018-09-16·CVSS 8.8
CVE-2018-17097 [HIGH] CVE-2018-17097: The WavFileBase class in WavFile
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-17097 soundtouch: Out-of-bounds heap write in WavOutFile::write()
bugzilla·2018-09-19·CVSS 8.8
CVE-2018-17097 [HIGH] CVE-2018-17097 soundtouch: Out-of-bounds heap write in WavOutFile::write()
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch.
Upstream issue:
https://gitlab.com/soundtouch/soundtouch/issues/14
References:
https://github.com/TeamSeri0us/pocs/tree/master/soundtouch/2018_09_03
Discussion:
Created soundtouch tracking bugs for this issue:
Affects: epel-6 [bug 1631057]
Affects: fedora-all [bug 1631056]
---
This is not a double free in fact; it is actually an off-by-one error that happens in the WavOutFile::write(float*, int) function:
    case 3:
    {
        char *temp2 = (char *)temp;
        for (int i = 0; i < numElems; i ++)
        {
            int value = saturate(buf
Bugzilla
CVE-2018-17096 soundtouch: Assertion failure in BPMDetect class in BPMDetect.cpp
bugzilla·2018-09-19·CVSS 6.5
CVE-2018-17096 [MEDIUM] CVE-2018-17096 soundtouch: Assertion failure in BPMDetect class in BPMDetect.cpp
The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.
Upstream issue:
https://gitlab.com/soundtouch/soundtouch/issues/14
References:
https://github.com/TeamSeri0us/pocs/tree/master/soundtouch/2018_09_03
Discussion:
Created soundtouch tracking bugs for this issue:
Affects: epel-6 [bug 1631062]
Affects: fedora-all [bug 1631061]
---
Upstream patch:
https://gitlab.com/soundtouch/soundtouch/commit/a1c400eb2cff849c0e5f9d6916d69ffea3ad2c85
---
I'm following [1], looks to me upstream will release a new version with security fixes for CVE-2018-
Bugzilla
CVE-2018-17097 soundtouch: Double free in WavFileBase class in WavFile.cpp [epel-6]
bugzilla·2018-09-19·CVSS 8.8
CVE-2018-17097 [HIGH] CVE-2018-17097 soundtouch: Double free in WavFileBase class in WavFile.cpp [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-6.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the following template to for the
Bugzilla
CVE-2018-17098 soundtouch: Heap corruption in WavFileBase class in WavFile.cpp
bugzilla·2018-09-19·CVSS 8.8
CVE-2018-17098 [HIGH] CVE-2018-17098 soundtouch: Heap corruption in WavFileBase class in WavFile.cpp
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch.
Upstream issue:
https://gitlab.com/soundtouch/soundtouch/issues/14
References:
https://github.com/TeamSeri0us/pocs/tree/master/soundtouch/2018_09_03
Discussion:
Created soundtouch tracking bugs for this issue:
Affects: epel-6 [bug 1631066]
Affects: fedora-all [bug 1631065]
---
The root cause of this issue is the same as of CVE-2018-17097. The same upstream patch fixes both issues:
https://gitlab.com/soundtouch/soundtouch/commit/7f594f8b7d10bbc16a4a31de8ec5a279af9c
Bugzilla
CVE-2018-17097 soundtouch: Double free in WavFileBase class in WavFile.cpp [fedora-all]
bugzilla·2018-09-19·CVSS 8.8
CVE-2018-17097 [HIGH] CVE-2018-17097 soundtouch: Double free in WavFileBase class in WavFile.cpp [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supporte