Vulnerability - CVE-2017-6833

Name

CVE-2017-6833

Source

NVD ( link)Debian ( link)

Description

The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.

CWEs

CWE-369

Published Date

Mar 20, 2017

Updated Date

Jun 17, 2026

Workaround

Advisories

http://www.openwall.com/lists/oss-security/2017/03/13/5Mailing List

https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/VDB Entry

https://github.com/mpruett/audiofile/issues/37Issue Tracking

https://github.com/mpruett/audiofile/pull/42Issue Tracking

http://www.openwall.com/lists/oss-security/2017/03/13/5Mailing List

https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/VDB Entry

https://github.com/mpruett/audiofile/issues/37Issue Tracking

https://github.com/mpruett/audiofile/pull/42Issue Tracking

Analysis#

Affected Component

Analysis

audiofile

Exploitable

Vulnerability Ratings#

5.5

other

4.3

CVSSv2

Others affected components#

Name

Project

Project Version

Version

Status

audiofile

yocto

kirkstone

0.3.6

Exploitable

audiofile

yocto

scarthgap

0.3.6

Exploitable