In libsndfile version 1.0.28, an error in the "aiffreadchanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.
{ "binaries": [ { "binary_version": "1.0.25-7ubuntu2.2+esm1", "binary_name": "libsndfile1" }, { "binary_version": "1.0.25-7ubuntu2.2+esm1", "binary_name": "libsndfile1-dev" }, { "binary_version": "1.0.25-7ubuntu2.2+esm1", "binary_name": "sndfile-programs" } ], "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro" }
{ "binaries": [ { "binary_version": "1.0.25-10ubuntu0.16.04.2", "binary_name": "libsndfile1" }, { "binary_version": "1.0.25-10ubuntu0.16.04.2", "binary_name": "libsndfile1-dev" }, { "binary_version": "1.0.25-10ubuntu0.16.04.2", "binary_name": "sndfile-programs" } ], "availability": "No subscription required" }