Candidate: CVE-2017-17555
PublicDate: 2017-12-12 01:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17555
 https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md
 https://github.com/aubio/aubio/issues/137
Description:
 The swri_audio_convert function in audioconvert.c in FFmpeg libswresample
 through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products,
 allows remote attackers to cause a denial of service (NULL pointer
 dereference and application crash) via a crafted audio file.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884232
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]


Patches_aubio:
 upstream: https://github.com/aubio/aubio/commit/265fe9a2ca606f8b9ae4a110390f26c139c01ad7
upstream_aubio: released (0.4.6-1)
precise/esm_aubio: DNE
trusty_aubio: ignored (reached end-of-life)
trusty/esm_aubio: DNE (trusty was needed)
xenial_aubio: ignored (end of standard support, was needed)
zesty_aubio: ignored (reached end-of-life)
artful_aubio: ignored (reached end-of-life)
bionic_aubio: needed
cosmic_aubio: ignored (reached end-of-life)
disco_aubio: not-affected (0.4.6-2)
eoan_aubio: not-affected (0.4.6-2)
focal_aubio: not-affected (0.4.6-2)
groovy_aubio: not-affected (0.4.6-2)
hirsute_aubio: not-affected (0.4.6-2)
impish_aubio: not-affected (0.4.6-2)
jammy_aubio: not-affected (0.4.6-2)
devel_aubio: not-affected (0.4.6-2)