Errata overview
Errata ID 55
Date 2018-05-16
Source package libmad
Fixed in version 0.15.1b-8+deb9u1
Description
This update addresses the following issues:
* The mad_layer_III function in layer3.c, if NDEBUG is omitted, allows remote
  attackers to cause a denial of service (assertion failure and application
  exit) via a crafted audio file. (CVE-2017-8372)
* The mad_layer_III function in layer3.c allows remote attackers to cause a
  denial of service (heap-based buffer overflow and application crash) or
  possibly have unspecified other impact via a crafted audio file.
  (CVE-2017-8373)
* The mad_bit_skip function in bit.c allows remote attackers to cause a
  denial of service (heap-based buffer over-read and application crash) via a
  crafted audio file. (CVE-2017-8374)
Additional notes
CVE ID CVE-2017-8372, CVE-2017-8373, CVE-2017-8374
UCS Bug number #46964