Bug 618008 (CVE-2017-7697) - <media-libs/libsamplerate-0.1.9: global buffer overflow in calc_output_single (src_sinc.c)
Status: RESOLVED FIXED
Alias: CVE-2017-7697
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://blogs.gentoo.org/ago/2017/04/...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-09 18:17 UTC by Agostino Sarubbo
Modified: 2017-05-18 06:57 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2017-05-09 18:17:23 UTC
Details at $URL.



@maintainer(s): since the fixed version is already stable, please remove the affected versions from the tree.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2017-05-16 06:47:48 UTC
CVE-2017-7697 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7697):
  In libsamplerate before 0.1.9, a buffer over-read occurs in the
  calc_output_single function in src_sinc.c via a crafted audio file.
Comment 2 Tony Vroon (RETIRED) gentoo-dev 2017-05-16 08:27:36 UTC
0.1.8-r1 removed as requested.
Comment 3 Mart Raudsepp gentoo-dev 2017-05-16 17:05:35 UTC
Removal reverted due to deptree breakage for ia64. Dropped keywords for everyone else (including all security supported arches) instead. I would consider cleanup done for security purposes, thus not adding back the cleanup keyword to whiteboard.