CVE-2017-6892 - Vulncode-DB

CVE-2017-6892 (NVD)

2017-06-12

In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.

Products	Libsndfile
Type	Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)
First patch	https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748
Relevant file/s	./src/aiff.c (modified, +1, -1)
Links	• https://security.gentoo.org/glsa/201811-23 • https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/ • https://secuniaresearch.flexerasoftware.com/advisories/76717/ • https://usn.ubuntu.com/4013-1/ • https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html

libsndfile - Tree: f833c53cb5

(? files)

Filter Settings

All Files

Relevant Files

Vulnerable Files

Patched Files

Files

VS-Dark VS-Bright Monokai Darcula

Navigation

Patch data:

(on by default)

Patched area: