Vulnerability - CVE-2017-6834

Name

CVE-2017-6834

Source

NVD ( link)Debian ( link)

Description

Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

CWEs

CWE-119

Published Date

Mar 20, 2017

Updated Date

Jun 17, 2026

Workaround

Advisories

http://www.debian.org/security/2017/dsa-3814Third Party Advisory

http://www.openwall.com/lists/oss-security/2017/03/13/6Mailing List

https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/VDB Entry

https://github.com/mpruett/audiofile/issues/38Issue Tracking

https://github.com/mpruett/audiofile/pull/42Issue Tracking

http://www.debian.org/security/2017/dsa-3814Third Party Advisory

http://www.openwall.com/lists/oss-security/2017/03/13/6Mailing List

https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/VDB Entry

https://github.com/mpruett/audiofile/issues/38Issue Tracking

https://github.com/mpruett/audiofile/pull/42Issue Tracking

Analysis#

Affected Component

Analysis

audiofile

Exploitable

Vulnerability Ratings#

5.5

CVSSv31

4.3

CVSSv2

Others affected components#

Name

Project

Project Version

Version

Status

audiofile

yocto

kirkstone

0.3.6

Exploitable

audiofile

yocto

master

0.3.6

Exploitable