Описание
Security update for libsndfile
This update for libsndfile fixes the following issues:
- CVE-2017-8362: invalid memory read in flac_buffer_copy (flac.c) (bsc#1036943)
- CVE-2017-8365: global buffer overflow in i2les_array (pcm.c) (bsc#1036946)
- CVE-2017-8361: global buffer overflow in flac_buffer_copy (flac.c) (bsc#1036944)
- CVE-2017-8363: heap-based buffer overflow in flac_buffer_copy (flac.c) (bsc#1036945)
- CVE-2017-7585: stack-based buffer overflow via a specially crafted FLAC file (bsc#1033054)
Список пакетов
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
Ссылки
- Link for SUSE-SU-2017:1236-1
- E-Mail link for SUSE-SU-2017:1236-1
- SUSE Security Ratings
- SUSE Bug 1033054
- SUSE Bug 1033914
- SUSE Bug 1033915
- SUSE Bug 1036943
- SUSE Bug 1036944
- SUSE Bug 1036945
- SUSE Bug 1036946
- SUSE CVE CVE-2017-7585 page
- SUSE CVE CVE-2017-7741 page
- SUSE CVE CVE-2017-7742 page
- SUSE CVE CVE-2017-8361 page
- SUSE CVE CVE-2017-8362 page
- SUSE CVE CVE-2017-8363 page
- SUSE CVE CVE-2017-8365 page
Описание
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
Затронутые продукты
Ссылки
- CVE-2017-7585
- SUSE Bug 1033054
- SUSE Bug 1033914
- SUSE Bug 1033915
Описание
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
Затронутые продукты
Ссылки
- CVE-2017-7741
- SUSE Bug 1033054
- SUSE Bug 1033915
Описание
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
Затронутые продукты
Ссылки
- CVE-2017-7742
- SUSE Bug 1033054
- SUSE Bug 1033914
Описание
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.
Затронутые продукты
Ссылки
- CVE-2017-8361
- SUSE Bug 1036944
Описание
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.
Затронутые продукты
Ссылки
- CVE-2017-8362
- SUSE Bug 1036943
Описание
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.
Затронутые продукты
Ссылки
- CVE-2017-8363
- SUSE Bug 1036945
Описание
The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.
Затронутые продукты
Ссылки
- CVE-2017-8365
- SUSE Bug 1036946