{"id":"USN-3241-1","summary":"audiofile vulnerabilities","details":"Agostino Sarubbo discovered that audiofile incorrectly handled certain\nmalformed audio files. If a user or automated system were tricked into\nprocessing a specially crafted audio file, a remote attacker could cause\napplications linked against audiofile to crash, leading to a denial of\nservice, or possibly execute arbitrary code.\n","modified":"2026-02-10T04:41:06Z","published":"2017-03-22T15:51:48Z","related":["UBUNTU-CVE-2017-6827","UBUNTU-CVE-2017-6828","UBUNTU-CVE-2017-6829","UBUNTU-CVE-2017-6830","UBUNTU-CVE-2017-6831","UBUNTU-CVE-2017-6832","UBUNTU-CVE-2017-6833","UBUNTU-CVE-2017-6834","UBUNTU-CVE-2017-6835","UBUNTU-CVE-2017-6836","UBUNTU-CVE-2017-6837","UBUNTU-CVE-2017-6838","UBUNTU-CVE-2017-6839"],"upstream":["CVE-2017-6827","CVE-2017-6828","CVE-2017-6829","CVE-2017-6830","CVE-2017-6831","CVE-2017-6832","CVE-2017-6833","CVE-2017-6834","CVE-2017-6835","CVE-2017-6836","CVE-2017-6837","CVE-2017-6838","CVE-2017-6839","UBUNTU-CVE-2017-6827","UBUNTU-CVE-2017-6828","UBUNTU-CVE-2017-6829","UBUNTU-CVE-2017-6830","UBUNTU-CVE-2017-6831","UBUNTU-CVE-2017-6832","UBUNTU-CVE-2017-6833","UBUNTU-CVE-2017-6834","UBUNTU-CVE-2017-6835","UBUNTU-CVE-2017-6836","UBUNTU-CVE-2017-6837","UBUNTU-CVE-2017-6838","UBUNTU-CVE-2017-6839"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3241-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6827"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6828"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6829"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6830"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6831"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6832"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6833"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6834"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6835"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6836"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6837"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6838"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6839"}],"affected":[{"package":{"name":"audiofile","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/audiofile@0.3.6-2ubuntu0.14.04.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.3.6-2ubuntu0.14.04.2"}]}],"versions":["0.3.6-2","0.3.6-2ubuntu0.14.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"0.3.6-2ubuntu0.14.04.2","binary_name":"audiofile-tools"},{"binary_version":"0.3.6-2ubuntu0.14.04.2","binary_name":"libaudiofile-dev"},{"binary_version":"0.3.6-2ubuntu0.14.04.2","binary_name":"libaudiofile1"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-6827"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-6828"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-6829"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-6830"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-6831"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-6832"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-6833"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-6834"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2017-6835"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-6836"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-6837"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-6838"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-6839"}],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3241-1.json"}}],"schema_version":"1.7.3"}