FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libsndfile -- out-of-bounds read memory access

Affected packages
libsndfile < 1.0.28_2
linux-c6-libsndfile < 1.0.28_2
linux-c7-libsndfile < 1.0.28_2


VuXML ID 004debf9-1d16-11e8-b6aa-4ccc6adda413
Discovery 2017-05-23
Entry 2018-03-01

Laurent Delosieres, Secunia Research at Flexera Software reports:

Secunia Research has discovered a vulnerability in libsndfile, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error in the "aiff_read_chanmap()" function (src/aiff.c), which can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file. The vulnerability is confirmed in version 1.0.28. Other versions may also be affected.


CVE Name CVE-2017-6892