Vulnerabilities > CVE-2017-17054 - Divide By Zero vulnerability in Aubio 0.4.6

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

aubio

CWE-369

nessus

NVD

Published: 2017-11-29

Updated: 2017-12-15

Summary

In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file.

Vulnerable Configurations

Part	Description	Count
Application	Aubio Aubio Aubio 0.4.6	1

Common Weakness Enumeration (CWE)

CWE-369 - Divide By Zero

Nessus

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2018-329.NASL
description	This update for aubio fixes the following issues : - CVE-2017-17054: Specially crafted wav files could have been used to cause an application crash (boo#1070399)
last seen	2020-06-05
modified	2018-04-02
plugin id	108784
published	2018-04-02
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/108784
title	openSUSE Security Update : aubio (openSUSE-2018-329)

References

https://github.com/aubio/aubio/issues/148