Advisories ยป MGASA-2018-0331

Updated soundtouch packages fix security vulnerabilities

Publication date: 10 Aug 2018
Modification date: 10 Aug 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-9258 , CVE-2017-9259 , CVE-2017-9260

Description

Updated soundtouch package fixes security vulnerabilities:

The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp
in SoundTouch 1.9.2 allows remote attackers to cause a denial of service
(infinite loop and CPU consumption) via a crafted wav file (CVE-2017-9258).

The TDStretch::acceptNewOverlapLength function in source/SoundTouch/
TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial
of service (memory allocation error and application crash) via a crafted
wav file (CVE-2017-9259).

The TDStretchSSE::calcCrossCorr function in source/SoundTouch/
sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a
denial of service (heap-based buffer over-read and application crash) via
a crafted wav file (CVE-2017-9260).
                

References

SRPMS

6/core