Description
Security update for libsndfile
This update for libsndfile fixes the following issues:
- CVE-2017-16942: Divide-by-zero in the function wav_w64_read_fmt_chunk(), which may lead to denial of service (bsc#1069874).
- CVE-2017-6892: Fixed an out-of-bounds read memory access in aiff_read_chanmap() (bsc#1043978).
- CVE-2017-14634: In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. (bsc#1059911)
- CVE-2017-14245: An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. (bsc#1059912)
- CVE-2017-14246: An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. (bsc#1059913)
Package list
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
References
- Link for SUSE-SU-2018:0352-1
- E-Mail link for SUSE-SU-2018:0352-1
- SUSE Security Ratings
- SUSE Bug 1043978
- SUSE Bug 1059911
- SUSE Bug 1059912
- SUSE Bug 1059913
- SUSE Bug 1069874
- SUSE CVE CVE-2017-14245 page
- SUSE CVE CVE-2017-14246 page
- SUSE CVE CVE-2017-14634 page
- SUSE CVE CVE-2017-16942 page
- SUSE CVE CVE-2017-6892 page
Description
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
Affected products
References
- CVE-2017-14245
- SUSE Bug 1059912
- SUSE Bug 1071777
Description
An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
Affected products
References
- CVE-2017-14246
- SUSE Bug 1059913
- SUSE Bug 1071767
Description
In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.
Affected products
References
- CVE-2017-14634
- SUSE Bug 1059911
Description
In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.
Affected products
References
- CVE-2017-16942
- SUSE Bug 1069874
Description
In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.
Affected products
References
- CVE-2017-6892
- SUSE Bug 1043978