FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libsndfile -- out-of-bounds read memory access

Affected packages
libsndfile <= 1.0.28
linux-c6-libsndfile <= 1.0.28
linux-c7-libsndfile <= 1.0.28

Details

VuXML ID: 004debf9-1d16-11e8-b6aa-4ccc6adda413
Discovery: 2017-05-23
Entry: 2018-03-01

Laurent Delosieres, Secunia Research at Flexera Software reports:

Secunia Research has discovered a vulnerability in libsndfile, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error in the "aiff_read_chanmap()" function (src/aiff.c), which can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file. The vulnerability is confirmed in version 1.0.28. Other versions may also be affected.

References

CVE Name: CVE-2017-6892
URL: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748
URL: https://nvd.nist.gov/vuln/detail/CVE-2017-6892
URL: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/