CVE-2017-6892

Published: 12/06/2017 Updated: 29/10/2020

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

It exists that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libsndfile project libsndfile 1.0.28

Several security issues were fixed in libsndfile ...

Debian Bug report logs - #864704 libsndfile: CVE-2017-6892 Package: src:libsndfile; Maintainer for src:libsndfile is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 13 Jun 2017 04:36:01 UTC Severity: important Tags: patch, security, ...

In libsndfile version 1028, an error in the "aiff_read_chanmap()" function (aiffc) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file ...

CWE-119 https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/https://secuniaresearch.flexerasoftware.com/advisories/76717/https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748 https://security.gentoo.org/glsa/201811-23 https://usn.ubuntu.com/4013-1/https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html https://nvd.nist.gov https://usn.ubuntu.com/4013-1/

CVE-2017-6892

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect