Msrc Cm1 Libsndfile 1.0.28-14 On Cbl Mariner 1.0 vulnerabilities

3 known vulnerabilities affecting msrc/cm1_libsndfile_1.0.28-14_on_cbl_mariner_1.0.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1

Vulnerabilities

CVE-2017-12562 | CRITICAL | CVSS 9.8 | 2017-08-08
CVE-2017-12562 [CRITICAL] CWE-119 Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. FAQ: Is Azure Linux the only Microsoft prod
msrc
CVE-2017-6892 | HIGH | CVSS 8.8 | 2017-06-13
CVE-2017-6892 [HIGH] CWE-119 In libsndfile version 1.0.28 an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore pot
msrc
CVE-2017-8365 | MEDIUM | CVSS 6.5 | 2017-04-11
CVE-2017-8365 [MEDIUM] CWE-125 The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially aff
msrc