Updated soundtouch packages fix security vulnerabilities
Publication date: 10 Aug 2018Modification date: 10 Aug 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-9258 , CVE-2017-9259 , CVE-2017-9260
Description
Updated soundtouch package fixes security vulnerabilities: The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file (CVE-2017-9258). The TDStretch::acceptNewOverlapLength function in source/SoundTouch/ TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file (CVE-2017-9259). The TDStretchSSE::calcCrossCorr function in source/SoundTouch/ sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file (CVE-2017-9260).
References
- https://bugs.mageia.org/show_bug.cgi?id=23323
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DBNLS5JI6AFPGYDJHBRYWMSVRPRNVQCN/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9258
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9259
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9260
SRPMS
6/core
- soundtouch-1.9.2-2.1.mga6