CVE-2017-7585
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-7585
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7585.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-7585
- Downstream
- Related
- Published
- 2017-04-07T20:59:00Z
- Modified
- 2025-10-14T16:13:52.651503Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In libsndfile before 1.0.28, an error in the "flacbuffercopy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
- References
Affected packages
Git / github.com/erikd/libsndfile
Affected ranges
- Type
- GIT
- Repo
- https://github.com/erikd/libsndfile
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affected
- Type
- GIT
- Repo
- https://github.com/libsndfile/libsndfile
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
{
"vanir_signatures": [
{
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "src/flac.c",
"function": "flac_read_loop"
},
"signature_version": "v1",
"digest": {
"length": 496.0,
"function_hash": "169080564912528090674624408017457554629"
},
"id": "CVE-2017-7585-1b2d10b9",
"source": "https://github.com/libsndfile/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "src/flac.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"109114571929507273310220021172740815815",
"76368128462217476998474735940412218708",
"303874596321044913956374893106939443276",
"264720290231741206551401345704081189001",
"135197557860603977353365421121237074332",
"263717283414918463731512000258528158035",
"99473988875365107291149998678668723177",
"199401478924829965301066403515308793905",
"59203162092611165790685795512464043510",
"19630209495980016236699389021759122784",
"127472803089175278493327389638594133972",
"195930973569973496231622457582848119489",
"91490283884465664276103671799831603059",
"13944221043548351812104027530949724896",
"109574527705998071928987124103849904768",
"227635834078458020049011341189234464981",
"199122207842648883783322305368703206147",
"836793104164813475992833902021667257",
"33688393261765994374588592882870440196",
"234433096601653574015743753327543798381",
"91088291842320796586954771010102965668",
"42764800811181595291975281012947374671",
"308076142000906389299207724540468217286",
"128999497043501194925248892451091219059",
"160753735249779509303007042741803534334",
"219704455362068007023001041133111634127",
"214083110146677973311463626405359553833",
"39200702163750044999781941082996055539"
],
"threshold": 0.9
},
"id": "CVE-2017-7585-cd721512",
"source": "https://github.com/libsndfile/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "src/flac.c",
"function": "flac_buffer_copy"
},
"signature_version": "v1",
"digest": {
"length": 3722.0,
"function_hash": "58142569931487262227866425697707993698"
},
"id": "CVE-2017-7585-fa025f04",
"source": "https://github.com/libsndfile/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0"
}
]
}