Overview

File _patchinfo of Package patchinfo.9088

<patchinfo incident="9088">
  <issue tracker="bnc" id="1103676">VUL-0: CVE-2018-1000223: soundtouch: Heap-based buffer overflow in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() potentially leading to code execution</issue>
  <issue tracker="bnc" id="1108632">VUL-0: CVE-2018-17098: soundtouch: remote denial of service (heap corruption from size inconsistency) in the WavFileBase class in WavFile.cpp</issue>
  <issue tracker="bnc" id="1108630">VUL-0: CVE-2018-17096: soundtouch: remote denial of service (assertion failure and application exit) in the BPMDetect class in BPMDetect.cpp</issue>
  <issue tracker="bnc" id="1108631">VUL-0: CVE-2018-17097: soundtouch: remote denial of service (double free) in the WavFileBase class in WavFile.cpp</issue>
  <issue tracker="cve" id="2018-17097"/>
  <issue tracker="cve" id="2018-17096"/>
  <issue tracker="cve" id="2018-1000223"/>
  <issue tracker="cve" id="2018-17098"/>
  <category>security</category>
  <rating>important</rating>
  <packager>mcalabkova</packager>
  <description>This update for soundtouch fixes the following issues:

- CVE-2018-17098: The WavFileBase class allowed remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. (bsc#1108632)
- CVE-2018-17097: The WavFileBase class allowed remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch. (double free) (bsc#1108631)
- CVE-2018-17096: The BPMDetect class allowed remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. (bsc#1108630)
- CVE-2018-1000223: soundtouch contained a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result in arbitrary code execution. This attack appear to be exploitable via victim must open maliocius file in soundstretch utility. (boo#1103676)
</description>
  <summary>Security update for soundtouch</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places