Published: 12/06/2017 Updated: 29/10/2020

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

It exists that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libsndfile project libsndfile 1.0.28

Debian Bug report logs - #864704 libsndfile: CVE-2017-6892 Package: src:libsndfile; Maintainer for src:libsndfile is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 13 Jun 2017 04:36:01 UTC Severity: important Tags: patch, security, ...

Several security issues were fixed in libsndfile ...

In libsndfile version 1028, an error in the "aiff_read_chanmap()" function (aiffc) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file ...

CWE-119 https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/https://secuniaresearch.flexerasoftware.com/advisories/76717/https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748 https://security.gentoo.org/glsa/201811-23 https://usn.ubuntu.com/4013-1/https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864704 https://usn.ubuntu.com/4013-1/https://nvd.nist.gov

CVE-2017-6892

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect