{"id":"MGASA-2018-0331","summary":"Updated soundtouch packages fix security vulnerabilities","details":"Updated soundtouch package fixes security vulnerabilities:\n\nThe TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp\nin SoundTouch 1.9.2 allows remote attackers to cause a denial of service\n(infinite loop and CPU consumption) via a crafted wav file (CVE-2017-9258).\n\nThe TDStretch::acceptNewOverlapLength function in source/SoundTouch/\nTDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial\nof service (memory allocation error and application crash) via a crafted\nwav file (CVE-2017-9259).\n\nThe TDStretchSSE::calcCrossCorr function in source/SoundTouch/\nsse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a\ndenial of service (heap-based buffer over-read and application crash) via\na crafted wav file (CVE-2017-9260).\n","modified":"2026-04-16T06:24:50.290400411Z","published":"2018-08-10T14:37:39Z","upstream":["CVE-2017-9258","CVE-2017-9259","CVE-2017-9260"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0331.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23323"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DBNLS5JI6AFPGYDJHBRYWMSVRPRNVQCN/"}],"affected":[{"package":{"name":"soundtouch","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/soundtouch?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9.2-2.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0331.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}