Vulnerability - CVE-2017-6832

Name

CVE-2017-6832

Source

NVD ( link)Debian ( link)

Description

Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

CWEs

CWE-119

Published Date

Mar 20, 2017

Updated Date

Jun 17, 2026

Workaround

Advisories

http://www.debian.org/security/2017/dsa-3814Third Party Advisory

http://www.openwall.com/lists/oss-security/2017/03/13/4Mailing List

http://www.securityfocus.com/bid/97589VDB Entry

https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp/VDB Entry

https://github.com/mpruett/audiofile/issues/36Issue Tracking

https://github.com/mpruett/audiofile/pull/42Issue Tracking

http://www.debian.org/security/2017/dsa-3814Third Party Advisory

http://www.openwall.com/lists/oss-security/2017/03/13/4Mailing List

http://www.securityfocus.com/bid/97589VDB Entry

https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp/VDB Entry

https://github.com/mpruett/audiofile/issues/36Issue Tracking

https://github.com/mpruett/audiofile/pull/42Issue Tracking

Analysis#

Affected Component

Analysis

audiofile

Exploitable

Vulnerability Ratings#

5.5

CVSSv31

4.3

CVSSv2

Others affected components#

Name

Project

Project Version

Version

Status

audiofile

yocto

kirkstone

0.3.6

Exploitable

audiofile

yocto

scarthgap

0.3.6

Exploitable