VDB-106952 · CVE-2017-14634 · BID 105996

libsndfile 1.0.28 double64.c double64_init Audio File divide by zero

A vulnerability was found in libsndfile 1.0.28 (Audio Processing Software) and classified as problematic. Affected by this issue is the function double64_init of the file double64.c. Upgrading eliminates this vulnerability. A possible mitigation has been published 5 months after the disclosure of the vulnerability.

Field	09/21/2017 09:49 PM	11/18/2019 03:15 PM	01/13/2021 06:12 PM
type	Audio Processing Software	Audio Processing Software	Audio Processing Software
name	libsndfile	libsndfile	libsndfile
version	1.0.28	1.0.28	1.0.28
file	double64.c	double64.c	double64.c
function	double64_init	double64_init	double64_init
input_type	Audio File	Audio File	Audio File
cwe	369 (denial of service)	369 (denial of service)	369 (denial of service)
risk	1	1	1
cvss2_vuldb_basescore	4.3	4.3	4.3
cvss2_vuldb_tempscore	3.7	3.7	3.7
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	P	P	P
cvss2_nvd_av	N	N	N
cvss2_nvd_ac	M	M	M
cvss2_nvd_au	N	N	N
cvss2_nvd_ci	N	N	N
cvss2_nvd_ii	N	N	N
cvss2_nvd_ai	P	P	P
cvss3_meta_basescore	5.4	5.4	5.4
cvss3_meta_tempscore	5.1	5.1	5.1
cvss3_vuldb_basescore	4.3	4.3	4.3
cvss3_vuldb_tempscore	4.1	4.1	4.1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	L	L	L
cvss3_nvd_av	N	N	N
cvss3_nvd_ac	L	L	L
cvss3_nvd_pr	N	N	N
cvss3_nvd_ui	R	R	R
cvss3_nvd_s	U	U	U
cvss3_nvd_c	N	N	N
cvss3_nvd_i	N	N	N
cvss3_nvd_a	H	H	H
date	1505952000 (09/21/2017)	1505952000 (09/21/2017)	1505952000 (09/21/2017)
url	https://github.com/erikd/libsndfile/issues/318	https://github.com/erikd/libsndfile/issues/318	https://github.com/erikd/libsndfile/issues/318
price_0day	$0-$5k	$0-$5k	$0-$5k
cve	CVE-2017-14634	CVE-2017-14634	CVE-2017-14634
cve_assigned	1505952000	1505952000	1505952000
cve_nvd_published	1505952000	1505952000	1505952000
cve_nvd_summary	In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.	In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.	In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.
securityfocus	105996	105996	105996
securityfocus_title	Libsndfile 'sndfile.c' Denial of Service Vulnerability	Libsndfile 'sndfile.c' Denial of Service Vulnerability	Libsndfile 'sndfile.c' Denial of Service Vulnerability
nessus_risk	Medium	Medium	Medium
nessus_type	local	local	local
nessus_date	1518048000 (02/08/2018)	1518048000 (02/08/2018)	1518048000 (02/08/2018)
qualys_id	176789	176789	176789
qualys_title	Debian Security Update for libsndfile (DLA 1618-1)	Debian Security Update for libsndfile (DLA 1618-1)	Debian Security Update for libsndfile (DLA 1618-1)
seealso	100762 100763 100764 100766 102253 106941 106942 109967 110315 110316 120327 127065 127317 127318 127337 131992	100762 100763 100764 100766 102253 106941 106942 109967 110315 110316 120327 127065 127317 127318 127337 131992	100762 100763 100764 100766 102253 106941 106942 109967 110315 110316 120327 127065 127317 127318 127337 131992
location	Website	Website	Website
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	C	C	C
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
reaction_days	139	139	139
exposure_days	139	139	139
cvss3_nvd_basescore	6.5	6.5	6.5
discoverydate		1505952000	1505952000
name		Upgrade	Upgrade
date		1517961600 (02/07/2018)	1517961600 (02/07/2018)
securityfocus_date		1542844800 (11/22/2018)	1542844800 (11/22/2018)
securityfocus_class		Failure to Handle Exceptional Conditions	Failure to Handle Exceptional Conditions
nessus_id		106664	106664
nessus_name		openSUSE Security Update : libsndfile (openSUSE-2018-140)	openSUSE Security Update : libsndfile (openSUSE-2018-140)
nessus_filename		openSUSE-2018-140.nasl	openSUSE-2018-140.nasl
nessus_family		SuSE Local Security Checks	SuSE Local Security Checks
openvas_filename		deb_dla_1618.nasl	deb_dla_1618.nasl
openvas_title		Debian LTS Advisory ([SECURITY] [DLA 1618-1] libsndfile security update)	Debian LTS Advisory ([SECURITY] [DLA 1618-1] libsndfile security update)
openvas_family		Debian Local Security Checks	Debian Local Security Checks
person_name			Pedro Sampaio
cvss2_nvd_basescore			4.3

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!