SB2018123014 - Out-of-bound read in libsndfile (Alpine package)
Published: December 30, 2018
Security Bulletin ID
SB2018123014
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bound read (CVE-ID: CVE-2017-17457)
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.The weakness exists in the d2ulaw_array() function due to out-of-bounds read. A remote attacker send a specially crafted input, trigger memory corruption and cause the service to crash.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=df783fb4ec118d2b2d6ad60ba87247d67895ed7d
- https://git.alpinelinux.org/aports/commit/?id=eb0e8dee37539898fe7a4d9f95ff1353d3d69519
- https://git.alpinelinux.org/aports/commit/?id=4f3a5a526e7da41c0c6642266d325fecc0d6ed0a
- https://git.alpinelinux.org/aports/commit/?id=67dc06446b7446135900a95906d11fb7efe2c416
- https://git.alpinelinux.org/aports/commit/?id=90497e314c0f7ee1c6804d0819315700efd762b9
- https://git.alpinelinux.org/aports/commit/?id=ccfe1f34f1a4ef840962b635ee5df67c259719ff
- https://git.alpinelinux.org/aports/commit/?id=de6750ba8908c9dd4f47cbc1289cb057cf21e800