Debian Long Term Support / LTS Security Information / 2017 / Security Information -- DLA-928-1 libsndfile

Debian Security Advisory

DLA-928-1 libsndfile -- LTS security update

Date Reported:

29 Apr 2017

Affected Packages:

libsndfile

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 860255.
In Mitre's CVE dictionary: CVE-2015-7805, CVE-2017-7585, CVE-2017-7586, CVE-2017-7741, CVE-2017-7742.

More information:

Multiple vulnerabilities were found in libsndfile, a popular library for reading/writing audio files.

• CVE-2017-7585

  In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.

• CVE-2017-7586

  In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.

• CVE-2017-7741

  In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.

• CVE-2017-7742

  In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.

• CVE-2014-9496

  The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.

• CVE-2014-9756

  The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.

• CVE-2015-7805

  Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.

For Debian 7 Wheezy, these problems have been fixed in version 1.0.25-9.1+deb7u1.

We recommend that you upgrade your libsndfile packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS