Описание
The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libgig | fixed | 4.0.0-5 | package | |
| libgig | no-dsa | stretch | package | |
| libgig | no-dsa | jessie | package | |
| libgig | no-dsa | wheezy | package |
Примечания
http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3350
Связанные уязвимости
The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.
The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.
The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.