Candidate: CVE-2017-17054
PublicDate: 2017-11-29 07:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17054
 https://github.com/aubio/aubio/issues/148
Description:
 In aubio 0.4.6, a divide-by-zero error exists in the function
 new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when
 playing a crafted audio file.
Ubuntu-Description:
Notes:
 debian> vulnerability introduced in 0.4.3
 msalvatore> It looks to me like the patch is needed in xenial and trusty
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_aubio:
 upstream: https://github.com/aubio/aubio/commit/a81b12a3b4174953b3bc7ef4c37103f4d5636740
upstream_aubio: released (0.4.6-1)
precise/esm_aubio: DNE
trusty_aubio: ignored (reached end-of-life)
trusty/esm_aubio: DNE (trusty was needed)
xenial_aubio: ignored (end of standard support, was needed)
zesty_aubio: ignored (reached end-of-life)
artful_aubio: ignored (reached end-of-life)
bionic_aubio: needed
cosmic_aubio: ignored (reached end-of-life)
disco_aubio: not-affected (0.4.6-2)
eoan_aubio: not-affected (0.4.6-2)
focal_aubio: not-affected (0.4.6-2)
groovy_aubio: not-affected (0.4.6-2)
hirsute_aubio: not-affected (0.4.6-2)
impish_aubio: not-affected (0.4.6-2)
jammy_aubio: not-affected (0.4.6-2)
devel_aubio: not-affected (0.4.6-2)