Name | CVE-2017-8374 |
Description | The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-1380-1, DSA-4192-1 |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
libmad (PTS) | bullseye | 0.15.1b-10 | fixed |
| bookworm | 0.15.1b-10.1 | fixed |
| sid, trixie | 0.15.1b-10.2 | fixed |
The information below is based on the following data on fixed versions.
Notes
https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_bit_skip-bit-c/
The patch from #508133 fixed things related to this, but did not fix this.
Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/length-check.patch