Fluid Attacks Database

Description

In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	libsndfile	>=0 <1.0.27-1	1.0.27-1
debian 12	libsndfile	>=0 <1.0.27-1	1.0.27-1
debian 13	libsndfile	>=0 <1.0.27-1	1.0.27-1
debian 11	libsndfile	>=0 <1.0.27-1	1.0.27-1
rpm rhel7	libsndfile	-	-
rpm rhel6	libsndfile	-	-

Aliases

1. CVE-2017-169422. NVD-2017-169423. OSV-DEBIAN-2017-169424. OSV-2017-169425. SECURITY-TRACKER-CVE-2017-16942

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.