CVE-2017-6834
moderate-risk
Published 2017-03-20
Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
Do I need to act?
EPSS: 4.3% chance of exploitation in the next 30 days (moderate exploit probability)
CISA KEV: not listed; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 5.5/10 (Medium); attack vector: Local; attack complexity: Low
Affected Products (10)
References (10)
Third Party Advisory
http://www.debian.org/security/2017/dsa-3814
Third Party Advisory
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-...
Issue Tracking
https://github.com/mpruett/audiofile/issues/38
Issue Tracking
https://github.com/mpruett/audiofile/pull/42
Risk score: 42/100 (moderate-risk)
Severity: 18/34 · Moderate
Exploitability: 8/34 · Low
Exposure: 16/34 · Moderate