{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-04-07T00:00:00", "descriptions": [{"lang": "en", "value": "In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.mega-nerd.com/libsndfile/#History"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mega-nerd.com/libsndfile/NEWS"}, {"name": "GLSA-201707-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201707-04"}, {"tags": ["x_refsource_MISC"], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7585", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.mega-nerd.com/libsndfile/#History", "refsource": "CONFIRM", "url": "http://www.mega-nerd.com/libsndfile/#History"}, {"name": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0", "refsource": "CONFIRM", "url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0"}, {"name": "http://www.mega-nerd.com/libsndfile/NEWS", "refsource": "CONFIRM", "url": "http://www.mega-nerd.com/libsndfile/NEWS"}, {"name": "GLSA-201707-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201707-04"}, {"name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/", "refsource": "MISC", "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:04:12.013Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mega-nerd.com/libsndfile/#History"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mega-nerd.com/libsndfile/NEWS"}, {"name": "GLSA-201707-04", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201707-04"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7585", "datePublished": "2017-04-07T20:00:00", "dateReserved": "2017-04-07T00:00:00", "dateUpdated": "2024-08-05T16:04:12.013Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libsndfile_project:libsndfile:*:*:*:*:*:*:*:*", "matchCriteriaId": "59548F6B-A7DD-4844-8347-79E7FEBF8280", "versionEndIncluding": "1.0.27", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file."}, {"lang": "es", "value": "En libsndfile en versiones anteriores a 1.0.28, un error en la funci\u00f3n \"flac_buffer_copy()\" (flac.c) puede ser explotada para provocar un desbordamiento de b\u00fafer basado en pila a trav\u00e9s de un archivo FLAC especialmente manipulado."}], "id": "CVE-2017-7585", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-07T20:59:00.190", "references": [{"source": "cve@mitre.org", "tags": ["Product", "Release Notes"], "url": "http://www.mega-nerd.com/libsndfile/#History"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "http://www.mega-nerd.com/libsndfile/NEWS"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201707-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Release Notes"], "url": "http://www.mega-nerd.com/libsndfile/#History"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "http://www.mega-nerd.com/libsndfile/NEWS"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201707-04"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "libsndfile: Stack-based buffer overflow in flac_buffer_copy()", "id": "1440756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1440756"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-121", "details": ["In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.", "A buffer overflow flaw was found in the way libsndfile handled FLAC files. This flaw could potentially be used to crash the application using libsndfile by tricking the application into processing specially crafted FLAC files."], "name": "CVE-2017-7585", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "libsndfile", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "libsndfile", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2017-03-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-7585\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7585"], "threat_severity": "Low"}