CVE-2017-6831

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-6831
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6831.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-6831
Downstream
Related
Published
2017-03-20T16:59:02.703Z
Modified
2026-03-15T22:17:49.893441Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

References

Affected packages

Git / github.com/antlarr/audiofile

Affected ranges

Type
GIT
Repo
https://github.com/antlarr/audiofile
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6
Type
GIT
Repo
https://github.com/mpruett/audiofile
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f7d4869217acf7f4771d148002d4287f31e1c2d8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fe639fca31befbfbdf1bf45c7593fff1386d67da
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
382ed422033d53bd711ace66394c5249a5e214a4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7113d9f09177e5f1919698fa4610936b0b0013b1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bae63371740e659b25d3b780f059dcafdef9b25b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2ff39015082e33b97e546c30ecb4170cd73b3285
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0fded995a7a29aac46bda56c84555048305c6bf8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d19a5ace5ae891c778cbc710d78634de6084b846
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.2.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.3.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.3.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.3.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.3.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.3.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.3.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.3.6"
        }
    ]
}

Affected versions

audiofile-0.*
audiofile-0.2.1
audiofile-0.2.2
audiofile-0.2.3
audiofile-0.2.4
audiofile-0.2.5
audiofile-0.2.6
audiofile-0.2.7
audiofile-0.3.0
audiofile-0.3.1
audiofile-0.3.2
audiofile-0.3.3
audiofile-0.3.4
audiofile-0.3.5
audiofile-0.3.6

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]
vanir_signatures 
[
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "libaudiofile/WAVE.cpp"
        },
        "id": "CVE-2017-6831-314568ec",
        "deprecated": false,
        "source": "https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6",
        "digest": {
            "line_hashes": [
                "331470145967194600774318625752253890445",
                "232798939947800200754239479194282584567",
                "219950778595101875391487318990529141915",
                "9931794692818815536740976616195528411",
                "313616948841340480450728645639032661791",
                "185358438352405145440304294832130766911",
                "668093673687982700959098601548676743",
                "221765431166475582793187396825314521101"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "file": "libaudiofile/WAVE.cpp",
            "function": "WAVEFile::parseFormat"
        },
        "id": "CVE-2017-6831-571136c3",
        "deprecated": false,
        "source": "https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6",
        "digest": {
            "function_hash": "90884721003669009012809751076469776921",
            "length": 5810.0
        }
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6831.json"