Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Fedora 25 Security Advisory: Critical libsndfile Buffer Overflow Issue

fedora
Calendar Grey August 31, 2017
Dist Fedora Esm H88
The Fedora 25 security update fixes a critical heap-based buffer overflow in the libsndfile library, allowing remote attackers to compromise systems.
fixes heap-based Buffer Overflow in psf_binheader_writef function (#1483140, CVE-2017-12562)

Summary

libsndfile is a C library for reading and writing sound files such as

AIFF, AU, WAV, and others through one standard interface. It can

currently read/write 8, 16, 24 and 32-bit PCM files as well as 32 and

64-bit floating point WAV files and a number of compressed formats. It

compiles and runs on *nix, MacOS, and Win32.

fixes heap-based Buffer Overflow in psf_binheader_writef function (#1483140,

CVE-2017-12562)

[ 1 ] Bug #1483140 - CVE-2017-12562 libsndfile: Heap-based Buffer Overflow in psf_binheader_writef function in common.c

https://bugzilla.redhat.com/show_bug.cgi?id=1483140

su -c 'dnf upgrade libsndfile' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 25
Version: 1.0.28
Release: 6.fc25
Summary: Library for reading and writing sound files

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.