Advisories » MGASA-2018-0336

Updated libsndfile packages fix security vulnerabilities

Publication date: 12 Aug 2018
Modification date: 12 Aug 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-17456 , CVE-2017-17457 , CVE-2018-13139

Description

Updated libsndfile package fixes security vulnerabilities:

The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead
to a remote DoS attack (CVE-2017-17456).

The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead
to a remote DoS attack (CVE-2017-17457).

A stack-based buffer overflow in psf_memset in common.c in libsndfile
1.0.28 allows remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via a crafted audio file
(CVE-2018-13139).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23382
• http://lists.suse.com/pipermail/sle-security-updates/2018-July/004311.html
• https://www.cve.org/CVERecord?id=CVE-2017-17456
• https://www.cve.org/CVERecord?id=CVE-2017-17457
• https://www.cve.org/CVERecord?id=CVE-2018-13139

SRPMS

6/core

• libsndfile-1.0.28-3.3.mga6