Candidate: CVE-2017-9259
PublicDate: 2017-07-27 06:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9259
 http://seclists.org/fulldisclosure/2017/Jul/62
Description:
 The TDStretch::acceptNewOverlapLength function in
 source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers
 to cause a denial of service (memory allocation error and application
 crash) via a crafted wav file.
Ubuntu-Description:
 It was discovered that SoundTouch incorrectly handled certain WAV files. A
 remote attacker could possibly use this issue to cause a denial of service.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_soundtouch:
upstream_soundtouch: released (1.9.2-2+deb9u1, 1.9.2-3)
precise/esm_soundtouch: DNE
trusty_soundtouch: ignored (out of standard support)
trusty/esm_soundtouch: needed
vivid/ubuntu-core_soundtouch: DNE
xenial_soundtouch: released (1.9.2-2+deb9u1build0.16.04.1)
zesty_soundtouch: ignored (reached end-of-life)
artful_soundtouch: ignored (reached end-of-life)
bionic_soundtouch: not-affected (1.9.2-3)
cosmic_soundtouch: not-affected (1.9.2-3)
disco_soundtouch: not-affected (1.9.2-3)
eoan_soundtouch: not-affected (1.9.2-3)
focal_soundtouch: not-affected (1.9.2-3)
groovy_soundtouch: not-affected (1.9.2-3)
hirsute_soundtouch: not-affected (1.9.2-3)
impish_soundtouch: not-affected (1.9.2-3)
jammy_soundtouch: not-affected (1.9.2-3)
devel_soundtouch: not-affected (1.9.2-3)