| Errata ID | 73 |
|---|---|
| Date | 2018-05-16 |
| Source package | soundtouch |
| Fixed in version | 1.9.2-2+deb9u1 |
| Description | This update addresses the following issues: * The TDStretch::processSamples function allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file. (CVE-2017-9258) * The TDStretch::acceptNewOverlapLength function allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file. (CVE-2017-9259) * The TDStretchSSE::calcCrossCorr function allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file. (CVE-2017-9260) |
| Additional notes | |
| CVE ID | CVE-2017-9258 CVE-2017-9259 CVE-2017-9260 |
| UCS Bug number | #46621 |
