Fluid Attacks Database

Description

In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.11	libsndfile	=1.0.19-r0 \|\| =1.0.20-r0 \|\| =1.0.21-r0 \|\| =1.0.21-r1 \|\| =1.0.21-r2 \|\| =1.0.21-r3 \|\| =1.0.22-r0 \|\| =1.0.23-r0 \|\| =1.0.23-r1 \|\| =1.0.24-r0 \|\| =1.0.24-r1 \|\| =1.0.25-r0 \|\| =1.0.25-r1 \|\| =1.0.25-r2 \|\| =1.0.25-r3 \|\| =1.0.26-r0 \|\| =1.0.27-r0 \|\| >=0 <1.0.28-r0	1.0.28-r0
alpine v3.7	libsndfile	=1.0.19-r0 \|\| =1.0.20-r0 \|\| =1.0.21-r0 \|\| =1.0.21-r1 \|\| =1.0.21-r2 \|\| =1.0.21-r3 \|\| =1.0.22-r0 \|\| =1.0.23-r0 \|\| =1.0.23-r1 \|\| =1.0.24-r0 \|\| =1.0.24-r1 \|\| =1.0.25-r0 \|\| =1.0.25-r1 \|\| =1.0.25-r2 \|\| =1.0.25-r3 \|\| =1.0.26-r0 \|\| =1.0.27-r0 \|\| >=0 <1.0.28-r0	1.0.28-r0
alpine v3.10	libsndfile	=1.0.19-r0 \|\| =1.0.20-r0 \|\| =1.0.21-r0 \|\| =1.0.21-r1 \|\| =1.0.21-r2 \|\| =1.0.21-r3 \|\| =1.0.22-r0 \|\| =1.0.23-r0 \|\| =1.0.23-r1 \|\| =1.0.24-r0 \|\| =1.0.24-r1 \|\| =1.0.25-r0 \|\| =1.0.25-r1 \|\| =1.0.25-r2 \|\| =1.0.25-r3 \|\| =1.0.26-r0 \|\| =1.0.27-r0 \|\| >=0 <1.0.28-r0	1.0.28-r0
alpine v3.13	libsndfile	=1.0.19-r0 \|\| =1.0.20-r0 \|\| =1.0.21-r0 \|\| =1.0.21-r1 \|\| =1.0.21-r2 \|\| =1.0.21-r3 \|\| =1.0.22-r0 \|\| =1.0.23-r0 \|\| =1.0.23-r1 \|\| =1.0.24-r0 \|\| =1.0.24-r1 \|\| =1.0.25-r0 \|\| =1.0.25-r1 \|\| =1.0.25-r2 \|\| =1.0.25-r3 \|\| =1.0.26-r0 \|\| =1.0.27-r0 \|\| >=0 <1.0.28-r0	1.0.28-r0
alpine v3.15	libsndfile	=1.0.19-r0 \|\| =1.0.20-r0 \|\| =1.0.21-r0 \|\| =1.0.21-r1 \|\| =1.0.21-r2 \|\| =1.0.21-r3 \|\| =1.0.22-r0 \|\| =1.0.23-r0 \|\| =1.0.23-r1 \|\| =1.0.24-r0 \|\| =1.0.24-r1 \|\| =1.0.25-r0 \|\| =1.0.25-r1 \|\| =1.0.25-r2 \|\| =1.0.25-r3 \|\| =1.0.26-r0 \|\| =1.0.27-r0 \|\| >=0 <1.0.28-r0	1.0.28-r0
alpine v3.8	libsndfile	=1.0.19-r0 \|\| =1.0.20-r0 \|\| =1.0.21-r0 \|\| =1.0.21-r1 \|\| =1.0.21-r2 \|\| =1.0.21-r3 \|\| =1.0.22-r0 \|\| =1.0.23-r0 \|\| =1.0.23-r1 \|\| =1.0.24-r0 \|\| =1.0.24-r1 \|\| =1.0.25-r0 \|\| =1.0.25-r1 \|\| =1.0.25-r2 \|\| =1.0.25-r3 \|\| =1.0.26-r0 \|\| =1.0.27-r0 \|\| >=0 <1.0.28-r0	1.0.28-r0
alpine v3.9	libsndfile	=1.0.19-r0 \|\| =1.0.20-r0 \|\| =1.0.21-r0 \|\| =1.0.21-r1 \|\| =1.0.21-r2 \|\| =1.0.21-r3 \|\| =1.0.22-r0 \|\| =1.0.23-r0 \|\| =1.0.23-r1 \|\| =1.0.24-r0 \|\| =1.0.24-r1 \|\| =1.0.25-r0 \|\| =1.0.25-r1 \|\| =1.0.25-r2 \|\| =1.0.25-r3 \|\| =1.0.26-r0 \|\| =1.0.27-r0 \|\| >=0 <1.0.28-r0	1.0.28-r0
debian 13	libsndfile	>=0 <1.0.27-2	1.0.27-2
alpine v3.12	libsndfile	=1.0.19-r0 \|\| =1.0.20-r0 \|\| =1.0.21-r0 \|\| =1.0.21-r1 \|\| =1.0.21-r2 \|\| =1.0.21-r3 \|\| =1.0.22-r0 \|\| =1.0.23-r0 \|\| =1.0.23-r1 \|\| =1.0.24-r0 \|\| =1.0.24-r1 \|\| =1.0.25-r0 \|\| =1.0.25-r1 \|\| =1.0.25-r2 \|\| =1.0.25-r3 \|\| =1.0.26-r0 \|\| =1.0.27-r0 \|\| >=0 <1.0.28-r0	1.0.28-r0
alpine v3.16	libsndfile	=1.0.19-r0 \|\| =1.0.20-r0 \|\| =1.0.21-r0 \|\| =1.0.21-r1 \|\| =1.0.21-r2 \|\| =1.0.21-r3 \|\| =1.0.22-r0 \|\| =1.0.23-r0 \|\| =1.0.23-r1 \|\| =1.0.24-r0 \|\| =1.0.24-r1 \|\| =1.0.25-r0 \|\| =1.0.25-r1 \|\| =1.0.25-r2 \|\| =1.0.25-r3 \|\| =1.0.26-r0 \|\| =1.0.27-r0 \|\| >=0 <1.0.28-r0	1.0.28-r0

1-10 of 28

Aliases

1. CVE-2017-77412. NVD-2017-77413. OSV-ALPINE-2017-77414. OSV-2017-77415. OSV-DEBIAN-2017-77416. SECURITY-CVE-2017-77417. SECURITY-TRACKER-CVE-2017-7741

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.