Detections
Analytics
Alpine: multiple libsndfile packages: security update to 1.0.28-r0 (deprecated)
high Tenable Cloud Security Plugin ID 400833
Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:- The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of
service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted
audio file. (CVE-2017-8361)
- The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of
service (invalid read and application crash) via a crafted audio file. (CVE-2017-8362)
- The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of
service (heap-based buffer over-read and application crash) via a crafted audio file. (CVE-2017-8363)
- The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of
service (buffer over-read and application crash) via a crafted audio file. (CVE-2017-8365)
See Also
https://git.alpinelinux.org/aports/commit/?id=018b00c3e22e85ddc30d153966483998ecefc95d
https://git.alpinelinux.org/aports/commit/?id=49b4ba77c180eea380f7eb5db100fc83162143e5
Plugin Details
Severity: High
ID: 400833
Version: Revision 1.22
Type: Local
Published: 8/16/2023
Updated: 1/17/2024
Supported Sensors: Agentless Assessment
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2017-8361
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Exploit Ease: No known exploits are available
Patch Publication Date: 7/5/2017
Vulnerability Publication Date: 4/30/2017
Reference Information
CVE: CVE-2017-8361, CVE-2017-8362, CVE-2017-8363, CVE-2017-8365