[arch-security] [ASA-201708-9] audiofile: multiple issues
Arch Linux Security Advisory ASA-201708-9 ========================================= Severity: High Date : 2017-08-14 CVE-ID : CVE-2017-6827 CVE-2017-6828 CVE-2017-6829 CVE-2017-6830 CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834 CVE-2017-6835 CVE-2017-6836 CVE-2017-6837 CVE-2017-6838 CVE-2017-6839 Package : audiofile Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-205 Summary ======= The package audiofile before version 0.3.6-4 is vulnerable to multiple issues including arbitrary code execution, arbitrary command execution and denial of service. Resolution ========== Upgrade to 0.3.6-4. # pacman -Syu "audiofile>=0.3.6-4" The problems have been fixed upstream but no release is available yet. Workaround ========== None. Description =========== - CVE-2017-6827 (arbitrary code execution) Heap-based buffer overflow in msdapcmInitializeCoefficients (msadcpcm.cpp) could lead to arbitrary code execution. - CVE-2017-6828 (arbitrary code execution) Heap-based buffer overflow in readValue (filehandle.cpp) could lead to arbitrary code execution. - CVE-2017-6829 (arbitrary code execution) Global buffer overflow in decodesample (ima.cpp) that could lead to arbitrary code execution - CVE-2017-6830 (arbitrary code execution) Heap-based buffer overflow in alaw2linear_buf that could lead to arbitrary code execution. - CVE-2017-6831 (arbitrary code execution) Heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp) that could lead to arbitrary code execution. - CVE-2017-6832 (arbitrary code execution) Heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp) that could lead to arbitrary code execution. - CVE-2017-6833 (denial of service) Divide-by-zero triggers a crash in BlockCodec::runPull (BlockCodec.cpp) - CVE-2017-6834 (arbitrary code execution) Heap-based buffer overflow in ulaw2linear_buf (G711.cpp) - CVE-2017-6835 (denial of service) Divide-by-zero triggers crash in BlockCodec::reset1 (BlockCodec.cpp) - CVE-2017-6836 (arbitrary command execution) audiofile: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h) - CVE-2017-6837 (denial of service) Integer overflow triggering an assertion on the WAVE module using sfconvert. - CVE-2017-6838 (denial of service) Integer overflow with the sfconvert command. - CVE-2017-6839 (denial of service) Integer overflow in sfconvert with the MSADPCM module. Impact ====== An attacker can cause a denial of service, or execute arbitrary code or command on the affected host via a crafted audio file. References ========== https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow... https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow... https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-... https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow... https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow... https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow... https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcod... https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow... https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcod... https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow... https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ https://security.archlinux.org/CVE-2017-6827 https://security.archlinux.org/CVE-2017-6828 https://security.archlinux.org/CVE-2017-6829 https://security.archlinux.org/CVE-2017-6830 https://security.archlinux.org/CVE-2017-6831 https://security.archlinux.org/CVE-2017-6832 https://security.archlinux.org/CVE-2017-6833 https://security.archlinux.org/CVE-2017-6834 https://security.archlinux.org/CVE-2017-6835 https://security.archlinux.org/CVE-2017-6836 https://security.archlinux.org/CVE-2017-6837 https://security.archlinux.org/CVE-2017-6838 https://security.archlinux.org/CVE-2017-6839
participants (1)
-
Remi Gacogne