Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "8.0"
},
{
"last_affected": "8.0"
},
{
"introduced": "9.0"
},
{
"last_affected": "9.0"
}
],
"source": "CPE_STRING",
"vendor_product": "debian:debian_linux",
"cpes": [
"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
]
}
]
}"2026-07-08T11:36:07Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6831.json"
[
{
"id": "CVE-2017-6831-314568ec",
"digest": {
"line_hashes": [
"331470145967194600774318625752253890445",
"232798939947800200754239479194282584567",
"219950778595101875391487318990529141915",
"9931794692818815536740976616195528411",
"313616948841340480450728645639032661791",
"185358438352405145440304294832130766911",
"668093673687982700959098601548676743",
"221765431166475582793187396825314521101"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6",
"deprecated": false,
"target": {
"file": "libaudiofile/WAVE.cpp"
}
},
{
"id": "CVE-2017-6831-571136c3",
"digest": {
"function_hash": "90884721003669009012809751076469776921",
"length": 5810.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6",
"deprecated": false,
"target": {
"function": "WAVEFile::parseFormat",
"file": "libaudiofile/WAVE.cpp"
}
}
]
{
"source": "CPE_STRING",
"cpe": [
"cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*",
"cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0.2.7"
},
{
"last_affected": "0.2.7"
},
{
"introduced": "0.3.0"
},
{
"last_affected": "0.3.0"
},
{
"introduced": "0.3.1"
},
{
"last_affected": "0.3.1"
},
{
"introduced": "0.3.2"
},
{
"last_affected": "0.3.2"
},
{
"introduced": "0.3.3"
},
{
"last_affected": "0.3.3"
},
{
"introduced": "0.3.4"
},
{
"last_affected": "0.3.4"
},
{
"introduced": "0.3.5"
},
{
"last_affected": "0.3.5"
},
{
"introduced": "0.3.6"
},
{
"last_affected": "0.3.6"
}
]
}