libsndfile 1.0.28 double64.c double64_init Audio File Denial of Service


A vulnerability was found in libsndfile 1.0.28 (Audio Processing Software). It has been rated as problematic. It affects the function double64_init in the file double64.c. Upgrading resolves this issue. A countermeasure appeared 5 months after the vulnerability was disclosed. The developers thereby reacted negligently slowly and far too late.

Field | 21.09.2017 21:49 | 18.11.2019 15:15 | 13.01.2021 18:12
type | Audio Processing Software | Audio Processing Software | Audio Processing Software
name | libsndfile | libsndfile | libsndfile
version | 1.0.28 | 1.0.28 | 1.0.28
file | double64.c | double64.c | double64.c
function | double64_init | double64_init | double64_init
input_type | Audio File | Audio File | Audio File
cwe | 369 (Denial of Service) | 369 (Denial of Service) | 369 (Denial of Service)
risk | 1 | 1 | 1
cvss2_vuldb_basescore | 4.3 | 4.3 | 4.3
cvss2_vuldb_tempscore | 3.7 | 3.7 | 3.7
cvss2_vuldb_av | N | N | N
cvss2_vuldb_ac | M | M | M
cvss2_vuldb_au | N | N | N
cvss2_vuldb_ci | N | N | N
cvss2_vuldb_ii | N | N | N
cvss2_vuldb_ai | P | P | P
cvss2_nvd_av | N | N | N
cvss2_nvd_ac | M | M | M
cvss2_nvd_au | N | N | N
cvss2_nvd_ci | N | N | N
cvss2_nvd_ii | N | N | N
cvss2_nvd_ai | P | P | P
cvss3_meta_basescore | 5.4 | 5.4 | 5.4
cvss3_meta_tempscore | 5.1 | 5.1 | 5.1
cvss3_vuldb_basescore | 4.3 | 4.3 | 4.3
cvss3_vuldb_tempscore | 4.1 | 4.1 | 4.1
cvss3_vuldb_av | N | N | N
cvss3_vuldb_ac | L | L | L
cvss3_vuldb_pr | N | N | N
cvss3_vuldb_ui | R | R | R
cvss3_vuldb_s | U | U | U
cvss3_vuldb_c | N | N | N
cvss3_vuldb_i | N | N | N
cvss3_vuldb_a | L | L | L
cvss3_nvd_av | N | N | N
cvss3_nvd_ac | L | L | L
cvss3_nvd_pr | N | N | N
cvss3_nvd_ui | R | R | R
cvss3_nvd_s | U | U | U
cvss3_nvd_c | N | N | N
cvss3_nvd_i | N | N | N
cvss3_nvd_a | H | H | H
date | 1505952000 (21.09.2017) | 1505952000 (21.09.2017) | 1505952000 (21.09.2017)
url | https://github.com/erikd/libsndfile/issues/318 | https://github.com/erikd/libsndfile/issues/318 | https://github.com/erikd/libsndfile/issues/318
price_0day | $0-$5k | $0-$5k | $0-$5k
cve | CVE-2017-14634 | CVE-2017-14634 | CVE-2017-14634
cve_assigned | 1505952000 | 1505952000 | 1505952000
cve_nvd_published | 1505952000 | 1505952000 | 1505952000
cve_nvd_summary | In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. | In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. | In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.
securityfocus | 105996 | 105996 | 105996
securityfocus_title | Libsndfile 'sndfile.c' Denial of Service Vulnerability | Libsndfile 'sndfile.c' Denial of Service Vulnerability | Libsndfile 'sndfile.c' Denial of Service Vulnerability
nessus_risk | Medium | Medium | Medium
nessus_type | local | local | local
nessus_date | 1518048000 (08.02.2018) | 1518048000 (08.02.2018) | 1518048000 (08.02.2018)
qualys_id | 176789 | 176789 | 176789
qualys_title | Debian Security Update for libsndfile (DLA 1618-1) | Debian Security Update for libsndfile (DLA 1618-1) | Debian Security Update for libsndfile (DLA 1618-1)
seealso | 100762 100763 100764 100766 102253 106941 106942 109967 110315 110316 120327 127065 127317 127318 127337 131992 | 100762 100763 100764 100766 102253 106941 106942 109967 110315 110316 120327 127065 127317 127318 127337 131992 | 100762 100763 100764 100766 102253 106941 106942 109967 110315 110316 120327 127065 127317 127318 127337 131992
location | Website | Website | Website
cvss2_vuldb_e | ND | ND | ND
cvss2_vuldb_rl | OF | OF | OF
cvss2_vuldb_rc | C | C | C
cvss3_vuldb_e | X | X | X
cvss3_vuldb_rl | O | O | O
cvss3_vuldb_rc | C | C | C
reaction_days | 139 | 139 | 139
exposure_days | 139 | 139 | 139
cvss3_nvd_basescore | 6.5 | 6.5 | 6.5
discoverydate | 1505952000 | 1505952000
name | Upgrade | Upgrade
date | 1517961600 (07.02.2018) | 1517961600 (07.02.2018)
securityfocus_date | 1542844800 (22.11.2018) | 1542844800 (22.11.2018)
securityfocus_class | Failure to Handle Exceptional Conditions | Failure to Handle Exceptional Conditions
nessus_id | 106664 | 106664
nessus_name | openSUSE Security Update : libsndfile (openSUSE-2018-140) | openSUSE Security Update : libsndfile (openSUSE-2018-140)
nessus_filename | openSUSE-2018-140.nasl | openSUSE-2018-140.nasl
nessus_family | SuSE Local Security Checks | SuSE Local Security Checks
openvas_filename | deb_dla_1618.nasl | deb_dla_1618.nasl
openvas_title | Debian LTS Advisory ([SECURITY] [DLA 1618-1] libsndfile security update) | Debian LTS Advisory ([SECURITY] [DLA 1618-1] libsndfile security update)
openvas_family | Debian Local Security Checks | Debian Local Security Checks
person_name | Pedro Sampaio
cvss2_nvd_basescore | 4.3
