Advisories ยป MGASA-2018-0336

Updated libsndfile packages fix security vulnerabilities

Publication date: 12 Aug 2018
Modification date: 12 Aug 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-17456 , CVE-2017-17457 , CVE-2018-13139

Description

Updated libsndfile package fixes security vulnerabilities:

The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead
to a remote DoS attack (CVE-2017-17456).

The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead
to a remote DoS attack (CVE-2017-17457).

A stack-based buffer overflow in psf_memset in common.c in libsndfile
1.0.28 allows remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via a crafted audio file
(CVE-2018-13139).
                

References

SRPMS

6/core