Advisories » MGASA-2017-0168

Updated libsndfile packages fix security vulnerabilities

Publication date: 12 Jun 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-7585, CVE-2017-7586, CVE-2017-7741, CVE-2017-7742, CVE-2017-8361, CVE-2017-8362, CVE-2017-8363, CVE-2017-8365

Description

A stack-based buffer overflow via a specially crafted FLAC file due to
an error in the header_read() function (CVE-2017-7586).

Several stack-based buffer overflows via a specially crafted FLAC file
due to an error in the flac_buffer_copy() function (CVE-2017-7585,
CVE-2017-7741, CVE-2017-7742).

Global buffer overflow in flac_buffer_copy() (CVE-2017-8361).

Invalid memory read in flac_buffer_copy() (CVE-2017-8362).

Heap-based buffer overflow in flac_buffer_copy() (CVE-2017-8363).

The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote
attackers to cause a denial of service (buffer over-read and
application crash) via a crafted audio file (CVE-2017-8365).

SRPMS

5/core