Overview

File _patchinfo of Package patchinfo.9257

<patchinfo incident="9257">
  <issue tracker="bnc" id="1108632">VUL-0: CVE-2018-17098: soundtouch: remote denial of service (heap corruption from size inconsistency) in the WavFileBase class in WavFile.cpp</issue>
  <issue tracker="bnc" id="1108630">VUL-0: CVE-2018-17096: soundtouch: remote denial of service (assertion failure and application exit) in the BPMDetect class in BPMDetect.cpp</issue>
  <issue tracker="bnc" id="1108631">VUL-0: CVE-2018-17097: soundtouch: remote denial of service (double free) in the WavFileBase class in WavFile.cpp</issue>
  <issue tracker="cve" id="2018-17097"/>
  <issue tracker="cve" id="2018-17096"/>
  <issue tracker="cve" id="2018-17098"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>mcalabkova</packager>
  <description>This update for soundtouch fixes the following issues:

- CVE-2018-17098: The WavFileBase class allowed remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. (bsc#1108632) 
- CVE-2018-17097: The WavFileBase class allowed remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch. (double free) (bsc#1108631) 
- CVE-2018-17096: The BPMDetect class allowed remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. (bsc#1108630) 
</description>
  <summary>Security update for soundtouch</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places