CVE-2017-9258 - The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows

CVE-2017-9258

Summary

The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file.

References

http://seclists.org/fulldisclosure/2017/Jul/62
https://www.exploit-db.com/exploits/42389/

Vulnerable Configurations

cpe:2.3:a:surina:soundtouch:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:surina:soundtouch:1.9.2:*:*:*:*:*:*:*

CVSS

Base:	7.1 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

CWE-835

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:C

refmap via4

exploit-db	42389
misc	http://seclists.org/fulldisclosure/2017/Jul/62

Last major update

03-10-2019 - 00:03

Published

27-07-2017 - 06:29

Last modified

03-10-2019 - 00:03