CVE-2017-6836

Priority
Description
Heap-based buffer overflow in the Expand3To4Module::run function in
libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile)
0.3.6 allows remote attackers to cause a denial of service (crash) via a
crafted file.
Notes
ratliffsame fix as for CVE-2017-6830 and CVE-2017-6834
Package
Upstream:released (0.3.6-4)
Ubuntu 14.04 ESM (Trusty Tahr):released ([0.3.6-2ubuntu0.14.04.2])
Ubuntu 16.04 LTS (Xenial Xerus):released (0.3.6-2ubuntu0.16.04.1)
Patches:
Upstream:https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
Upstream:https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
More Information

Updated: 2020-01-29 19:59:43 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)