SB2017080956 - Heap-based buffer overflow in libsndfile (Alpine package)
Published: August 9, 2017
Security Bulletin ID: SB2017080956
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Heap-based buffer overflow (CVE-ID: CVE-2017-12562)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in the psf_binheader_writef function due to a heap-based buffer overflow. A remote attacker can trick the victim into opening a specially crafted input, trigger a heap-based buffer overflow condition and cause the service to crash.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=eb0e8dee37539898fe7a4d9f95ff1353d3d69519
- https://git.alpinelinux.org/aports/commit/?id=2272f43516da3b21db1048c3b8ffdc96a084c175
- https://git.alpinelinux.org/aports/commit/?id=98a17c333286fe55dd7ee97082ccde3689ef44dc
- https://git.alpinelinux.org/aports/commit/?id=8d4f547db4d45aa603aefd35027f5fb0166de529
- https://git.alpinelinux.org/aports/commit/?id=02bde058ddffa348c73da3fb69ef7cb1b68987d4
- https://git.alpinelinux.org/aports/commit/?id=4d03eb3da7b82e6a22c6551ae9d58e3b887c2a6f
- https://git.alpinelinux.org/aports/commit/?id=ae57518e81e47da674302ed33464deb64290979a
- https://git.alpinelinux.org/aports/commit/?id=b929a198bb2bf41d2d7ca692fd917fcf99cad9c6