{"id":"CVE-2017-6839","details":"Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.","modified":"2026-03-20T11:20:47.638211Z","published":"2017-03-20T16:59:03.030Z","related":["MGASA-2017-0129","SUSE-SU-2017:0940-1","SUSE-SU-2017:1182-1","openSUSE-SU-2024:10640-1"],"references":[{"type":"ADVISORY","url":"https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3814"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/03/13/9"},{"type":"FIX","url":"https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9"},{"type":"FIX","url":"https://github.com/mpruett/audiofile/issues/41"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/antlarr/audiofile","events":[{"introduced":"0"},{"fixed":"beacc44eb8cdf6d58717ec1a5103c5141f1b37f9"}]},{"type":"GIT","repo":"https://github.com/mpruett/audiofile","events":[{"introduced":"0"},{"last_affected":"d19a5ace5ae891c778cbc710d78634de6084b846"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.3.6"}]}}],"versions":["audiofile-0.2.1","audiofile-0.2.2","audiofile-0.2.3","audiofile-0.2.4","audiofile-0.2.5","audiofile-0.2.6","audiofile-0.2.7","audiofile-0.3.0","audiofile-0.3.1","audiofile-0.3.2","audiofile-0.3.3","audiofile-0.3.4","audiofile-0.3.5","audiofile-0.3.6"],"database_specific":{"vanir_signatures":[{"deprecated":false,"signature_type":"Function","target":{"function":"decodeSample","file":"libaudiofile/modules/MSADPCM.cpp"},"id":"CVE-2017-6839-09423e28","signature_version":"v1","digest":{"length":493,"function_hash":"269378770409608965799137787203291963241"},"source":"https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9"},{"deprecated":false,"signature_type":"Line","target":{"file":"libaudiofile/modules/BlockCodec.cpp"},"id":"CVE-2017-6839-4a956557","signature_version":"v1","digest":{"line_hashes":["220852203486854632259114265972360760882","99487366264287345918979816126119704450","203135819436998624112124062812465545103","290752388438649776315062149186752115589","223677950085970125698748963094553482553"],"threshold":0.9},"source":"https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9"},{"deprecated":false,"signature_type":"Function","target":{"function":"BlockCodec::runPull","file":"libaudiofile/modules/BlockCodec.cpp"},"id":"CVE-2017-6839-5f755c9b","signature_version":"v1","digest":{"length":735,"function_hash":"37086987969042278410115995477574460137"},"source":"https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9"},{"deprecated":false,"signature_type":"Line","target":{"file":"libaudiofile/modules/MSADPCM.cpp"},"id":"CVE-2017-6839-a929498a","signature_version":"v1","digest":{"line_hashes":["43809085715164095328447423597818484676","137557301359463687782343477738570082876","185036624536393529378376644066663832280","211276807452206746346985070771586213487","14484044583302034278140276155491173105","213509923562726303155028634844162934","309046715169230641191913926761287537935","64993564676721580550357825334597848791","272562106273374523620155220607225095131","43487972156410142414004002451423037967","200613406044906385704156883707001193345","262676619024757633390326687973804762347","81836241829782013104676594440901035105","52275635500431997119244442051151445389","317689651742301767301724927393694340567","283752304825159227858715702157587810050","305910223421070458860802885755228187437","337712090481844601611814139825148700405","176892919657852793178371683718377101479","178760306780470800654701465275712660647","34501833741225456506366995458220628937","208509645371920523152770363137329176484","256228787465506085387718565166232233310","244212447714037888948794784204291158807","262730227877744945216748071566545358210"],"threshold":0.9},"source":"https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9"},{"deprecated":false,"signature_type":"Function","target":{"function":"MSADPCM::decodeBlock","file":"libaudiofile/modules/MSADPCM.cpp"},"id":"CVE-2017-6839-cee1ba4c","signature_version":"v1","digest":{"length":1490,"function_hash":"137115012056432832236390293459518966179"},"source":"https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-6839.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}