Candidate: CVE-2017-7697
PublicDate: 2017-04-11 23:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7697
 https://blogs.gentoo.org/ago/2017/04/11/libsamplerate-global-buffer-overflow-in-calc_output_single-src_sinc-c/
Description:
 In libsamplerate before 0.1.9, a buffer over-read occurs in the
 calc_output_single function in src_sinc.c via a crafted audio file.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860159
 https://github.com/erikd/libsamplerate/issues/11
Priority: low
Discovered-by: Erik de Castro Lopo and Agostino Sarubbo
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_libsamplerate:
 upstream: https://github.com/erikd/libsamplerate/commit/c3b66186656de44da18b7058aec099dbe782dd0b
upstream_libsamplerate: released (0.1.9-1)
precise_libsamplerate: ignored (reached end-of-life)
precise/esm_libsamplerate: DNE (precise was needed)
trusty_libsamplerate: ignored (reached end-of-life)
trusty/esm_libsamplerate: needed
vivid/stable-phone-overlay_libsamplerate: ignored (reached end-of-life)
vivid/ubuntu-core_libsamplerate: DNE
xenial_libsamplerate: ignored (end of standard support, was needed)
esm-infra/xenial_libsamplerate: needed
yakkety_libsamplerate: ignored (reached end-of-life)
zesty_libsamplerate: ignored (reached end-of-life)
artful_libsamplerate: ignored (reached end-of-life)
bionic_libsamplerate: not-affected (0.1.9-1)
cosmic_libsamplerate: not-affected (0.1.9-1)
disco_libsamplerate: not-affected (0.1.9-1)
eoan_libsamplerate: not-affected (0.1.9-1)
focal_libsamplerate: not-affected (0.1.9-1)
groovy_libsamplerate: not-affected (0.1.9-1)
hirsute_libsamplerate: not-affected (0.1.9-1)
impish_libsamplerate: not-affected (0.1.9-1)
jammy_libsamplerate: not-affected (0.1.9-1)
devel_libsamplerate: not-affected (0.1.9-1)