
Debian 9 Stretch: DLA-3058-1 Critical Libsndfile Denial of Service

June 28, 2022
Important libsndfile patch for Debian LTS resolves major vulnerabilities that could allow unauthorized system access.

Summary

Two issues have been found in libsndfile, a library for reading/writing
audio files.

CVE-2017-12562

Due to a possible heap buffer overflow attack in an attacker could
cause a remote denial of service attack by tricking the function into
outputting a large amount of data.

CVE-2021-4156

Using a crafted FLAC file, an attacker could trigger an out-of-bounds
read that would most likely cause a crash but could potentially leak
memory information.


For Debian 9 stretch, these problems have been fixed in version
1.0.27-3+deb9u3.

We recommend that you upgrade your libsndfile packages.

For the detailed security status of libsndfile please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libsndfile

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS




Severity: critical

Package: libsndfile
Version: 1.0.27-3+deb9u3
CVE ID: CVE-2017-12562 CVE-2021-4156
