{"id":"USN-3241-1","summary":"audiofile vulnerabilities","details":"Agostino Sarubbo discovered that audiofile incorrectly handled certain\nmalformed audio files. If a user or automated system were tricked into\nprocessing a specially crafted audio file, a remote attacker could cause\napplications linked against audiofile to crash, leading to a denial of\nservice, or possibly execute arbitrary code.\n","modified":"2026-02-10T04:41:06Z","published":"2017-03-22T15:51:48Z","related":["UBUNTU-CVE-2017-6827","UBUNTU-CVE-2017-6828","UBUNTU-CVE-2017-6829","UBUNTU-CVE-2017-6830","UBUNTU-CVE-2017-6831","UBUNTU-CVE-2017-6832","UBUNTU-CVE-2017-6833","UBUNTU-CVE-2017-6834","UBUNTU-CVE-2017-6835","UBUNTU-CVE-2017-6836","UBUNTU-CVE-2017-6837","UBUNTU-CVE-2017-6838","UBUNTU-CVE-2017-6839"],"upstream":["CVE-2017-6827","CVE-2017-6828","CVE-2017-6829","CVE-2017-6830","CVE-2017-6831","CVE-2017-6832","CVE-2017-6833","CVE-2017-6834","CVE-2017-6835","CVE-2017-6836","CVE-2017-6837","CVE-2017-6838","CVE-2017-6839","UBUNTU-CVE-2017-6827","UBUNTU-CVE-2017-6828","UBUNTU-CVE-2017-6829","UBUNTU-CVE-2017-6830","UBUNTU-CVE-2017-6831","UBUNTU-CVE-2017-6832","UBUNTU-CVE-2017-6833","UBUNTU-CVE-2017-6834","UBUNTU-CVE-2017-6835","UBUNTU-CVE-2017-6836","UBUNTU-CVE-2017-6837","UBUNTU-CVE-2017-6838","UBUNTU-CVE-2017-6839"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3241-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6827"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6828"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6829"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6830"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6831"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6832"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6833"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6834"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6835"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6836"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6837"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6838"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6839"}],"affected":[{"package":{"name":"audiofile","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/audiofile@0.3.6-2ubuntu0.14.04.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.3.6-2ubuntu0.14.04.2"}]}],"versions":["0.3.6-2","0.3.6-2ubuntu0.14.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"audiofile-tools","binary_version":"0.3.6-2ubuntu0.14.04.2"},{"binary_name":"libaudiofile-dev","binary_version":"0.3.6-2ubuntu0.14.04.2"},{"binary_name":"libaudiofile1","binary_version":"0.3.6-2ubuntu0.14.04.2"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2017-6827","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2017-6828","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2017-6829","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2017-6830","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2017-6831","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2017-6832","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2017-6833","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2017-6834","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2017-6835","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-6836","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2017-6837","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2017-6838","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2017-6839","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3241-1.json"}}],"schema_version":"1.7.3"}