{"id":"CVE-2017-7585","details":"In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.","modified":"2026-04-11T04:14:44.616525Z","published":"2017-04-07T20:59:00.190Z","related":["MGASA-2017-0168","SUSE-SU-2017:1030-1","SUSE-SU-2017:1040-1","SUSE-SU-2017:1236-1","SUSE-SU-2017:1367-1","openSUSE-SU-2024:10992-1"],"references":[{"type":"ADVISORY","url":"http://www.mega-nerd.com/libsndfile/#History"},{"type":"ADVISORY","url":"http://www.mega-nerd.com/libsndfile/NEWS"},{"type":"ADVISORY","url":"https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201707-04"},{"type":"FIX","url":"https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/erikd/libsndfile","events":[{"introduced":"0"},{"last_affected":"d3d545abf9ed5542b69ded164b36a28338340a6b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0.27"}]}},{"type":"GIT","repo":"https://github.com/libsndfile/libsndfile","events":[{"introduced":"0"},{"fixed":"60b234301adf258786d8b90be5c1d437fc8799e0"}]}],"versions":["1.0.25","1.0.26","1.0.27"],"database_specific":{"vanir_signatures_modified":"2026-04-11T04:14:44Z","vanir_signatures":[{"target":{"file":"src/flac.c","function":"flac_read_loop"},"digest":{"length":496,"function_hash":"169080564912528090674624408017457554629"},"signature_type":"Function","source":"https://github.com/libsndfile/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0","deprecated":false,"signature_version":"v1","id":"CVE-2017-7585-1b2d10b9"},{"target":{"file":"src/flac.c"},"digest":{"line_hashes":["109114571929507273310220021172740815815","76368128462217476998474735940412218708","303874596321044913956374893106939443276","264720290231741206551401345704081189001","135197557860603977353365421121237074332","263717283414918463731512000258528158035","99473988875365107291149998678668723177","199401478924829965301066403515308793905","59203162092611165790685795512464043510","19630209495980016236699389021759122784","127472803089175278493327389638594133972","195930973569973496231622457582848119489","91490283884465664276103671799831603059","13944221043548351812104027530949724896","109574527705998071928987124103849904768","227635834078458020049011341189234464981","199122207842648883783322305368703206147","836793104164813475992833902021667257","33688393261765994374588592882870440196","234433096601653574015743753327543798381","91088291842320796586954771010102965668","42764800811181595291975281012947374671","308076142000906389299207724540468217286","128999497043501194925248892451091219059","160753735249779509303007042741803534334","219704455362068007023001041133111634127","214083110146677973311463626405359553833","39200702163750044999781941082996055539"],"threshold":0.9},"signature_type":"Line","source":"https://github.com/libsndfile/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0","deprecated":false,"signature_version":"v1","id":"CVE-2017-7585-cd721512"},{"target":{"file":"src/flac.c","function":"flac_buffer_copy"},"digest":{"length":3722,"function_hash":"58142569931487262227866425697707993698"},"signature_type":"Function","source":"https://github.com/libsndfile/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0","deprecated":false,"signature_version":"v1","id":"CVE-2017-7585-fa025f04"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7585.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}