SB2017041415 - Stack-based buffer overflow in libsndfile (Alpine package)
Published: April 14, 2017
Security Bulletin ID: SB2017041415
Severity: High
Patch available: Yes
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Code execution
Description
This security bulletin contains information about 1 security vulnerability.
1) Stack-based buffer overflow (CVE-ID: CVE-2017-7585)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to an error in the "flac_buffer_copy()" function (flac.c). A remote attacker can send a specially crafted FLAC file, trick the victim into opening it, trigger a stack-based buffer overflow and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
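The defect class described above is a decoder copy whose length is taken from the untrusted file and written into a fixed-size buffer without being checked against that buffer's capacity. The following C program is an added illustration of the missing check and is not libsndfile's code; the function names, the 256-sample destination and the frame geometries are hypothetical, and the sample data is constructed. It shows the bounds check that prevents this class of stack-based overflow, including the case where the length computation itself would wrap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration of the defect class behind CVE-2017-7585, not
 * libsndfile's flac_buffer_copy(): a decoder callback copies one frame of
 * decoded samples into a fixed-size destination. All names and sizes here
 * are hypothetical. The overflow class arises when the copy length is
 * derived from the file (frames x channels) and never compared against the
 * destination's capacity; bounded_copy() performs that comparison. */

#define OUT_CAPACITY 256   /* samples the destination holds (hypothetical) */

/* Copy frames*channels decoded samples from `decoded` into `out`, which has
 * room for `capacity` samples. Returns the number of samples copied, or -1
 * when the file-declared geometry would overrun the destination or the
 * size computation itself would wrap. */
long bounded_copy(int32_t *out, size_t capacity,
                  const int32_t *decoded, size_t frames, size_t channels)
{
    if (channels == 0)
        return -1;                          /* invalid geometry */
    if (frames > SIZE_MAX / channels)
        return -1;                          /* frames*channels would wrap */
    size_t total = frames * channels;
    if (total > capacity)
        return -1;                          /* would overrun `out` */
    memcpy(out, decoded, total * sizeof *out);
    return (long)total;
}

/* Simulate the decoder callback: the frame geometry comes from the untrusted
 * file header, and the destination is a stack buffer, as in the bug class
 * the advisory describes. */
long decode_frame_into_stack_buffer(size_t frames, size_t channels)
{
    int32_t out[OUT_CAPACITY];
    int32_t decoded[OUT_CAPACITY];          /* constructed sample data */
    for (size_t i = 0; i < OUT_CAPACITY; i++)
        decoded[i] = (int32_t)(i * 7);
    return bounded_copy(out, OUT_CAPACITY, decoded, frames, channels);
}

int main(void)
{
    /* A well-formed frame: 64 frames x 2 channels = 128 samples fits. */
    printf("128 samples: %ld\n", decode_frame_into_stack_buffer(64, 2));
    /* A header claiming 4096 frames x 2 channels is rejected, not copied. */
    printf("8192 samples: %ld\n", decode_frame_into_stack_buffer(4096, 2));
    /* Geometry whose product would wrap size_t is rejected before the copy. */
    printf("wrapping: %ld\n", decode_frame_into_stack_buffer(SIZE_MAX, 2));
    return 0;
}
```

The check order matters: the wrap test must come before the multiplication, otherwise a frame count chosen to wrap the product past zero would pass the capacity comparison with a tiny `total` while the caller later trusts the file-declared geometry elsewhere.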
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=2272f43516da3b21db1048c3b8ffdc96a084c175
- https://git.alpinelinux.org/aports/commit/?id=a26f59185b03aab7c54f2f2c1af61547cb26902a
- https://git.alpinelinux.org/aports/commit/?id=eca01df34c7377001329ab44e76e8652094cd4be
- https://git.alpinelinux.org/aports/commit/?id=49b4ba77c180eea380f7eb5db100fc83162143e5
- https://git.alpinelinux.org/aports/commit/?id=6916b57a3b0b5200fbcd5f6b22a9d21bbe9098d6
- https://git.alpinelinux.org/aports/commit/?id=1ad78b64ab837de1859c7e3cd0da1ebf1852c6b7
- https://git.alpinelinux.org/aports/commit/?id=6b7f756b4b5ffe15bac1619bafc5a1eefe7f8b52
- https://git.alpinelinux.org/aports/commit/?id=a6f844f8d0fbeeb5f6fc61e90b7bfb343809e60a