audiofile

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Silicon Graphics Audio File Library
Version 0.3.6-9 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-205 0.3.6-3 0.3.6-4 High Fixed
Issue Group Severity Remote Type Description
CVE-2017-6839 AVG-205 Medium No Denial of service
Integer overflow in sfconvert with the MSADPCM module.
CVE-2017-6838 AVG-205 Medium No Denial of service
Integer overflow with the sfconvert command.
CVE-2017-6837 AVG-205 Medium No Denial of service
Integer overflow triggering an assertion on the WAVE module using sfconvert.
CVE-2017-6836 AVG-205 High No Arbitrary command execution
audiofile: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h)
CVE-2017-6835 AVG-205 Low No Denial of service
Divide-by-zero triggers crash in BlockCodec::reset1 (BlockCodec.cpp)
CVE-2017-6834 AVG-205 High No Arbitrary code execution
Heap-based buffer overflow in ulaw2linear_buf (G711.cpp)
CVE-2017-6833 AVG-205 Low No Denial of service
Divide-by-zero triggers a crash  in BlockCodec::runPull (BlockCodec.cpp)
CVE-2017-6832 AVG-205 High No Arbitrary code execution
Heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp) that could lead to arbitrary code execution.
CVE-2017-6831 AVG-205 High No Arbitrary code execution
Heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp) that could lead to arbitrary code execution.
CVE-2017-6830 AVG-205 High No Arbitrary code execution
Heap-based buffer overflow in alaw2linear_buf that could lead to arbitrary code execution.
CVE-2017-6829 AVG-205 High No Arbitrary code execution
Global buffer overflow in decodesample (ima.cpp) that could lead to arbitrary code execution
CVE-2017-6828 AVG-205 High No Arbitrary code execution
Heap-based buffer overflow in readValue (filehandle.cpp) could lead to arbitrary code execution.
CVE-2017-6827 AVG-205 High No Arbitrary code execution
Heap-based buffer overflow in msdapcmInitializeCoefficients (msadcpcm.cpp) could lead to arbitrary code execution.

Advisories

Date Advisory Group Severity Type
14 Aug 2017 ASA-201708-9 AVG-205 High multiple issues