Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2017-8363 |
CWE-ID | CWE-122 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
libsndfile (Alpine package) Operating systems & Components / Operating system package or component |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU6884
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-8363
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to heap-based buffer over-read in the flac_buffer_copy function in flac.c in libsndfile. A remote attacker can send a specially crafted audio file, trick the victim into opening it, trigger memory corruption and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
Vulnerable software versionslibsndfile (Alpine package): 1.0.28-r0
CPE2.3 External linkshttp://git.alpinelinux.org/aports/commit/?id=2272f43516da3b21db1048c3b8ffdc96a084c175
http://git.alpinelinux.org/aports/commit/?id=8d4f547db4d45aa603aefd35027f5fb0166de529
http://git.alpinelinux.org/aports/commit/?id=f112dfcc1ff8e00843268088fc3427501a43505b
http://git.alpinelinux.org/aports/commit/?id=49b4ba77c180eea380f7eb5db100fc83162143e5
http://git.alpinelinux.org/aports/commit/?id=56b47c6467c8479db58029d1c52a3981c29fc634
http://git.alpinelinux.org/aports/commit/?id=9da648263f0617be34a73ea0898db64ebf78129f
http://git.alpinelinux.org/aports/commit/?id=d0b1ecd5f1f7ff44100af83e91b65c66a5dae123
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.