MidnightBSD

Advisories for surina

CVE-2017-9258 HIGH

The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-835,

Products Affected

Vendor Product Version
surina soundtouch 1.9.2
CVE-2017-9259 MEDIUM

The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
surina soundtouch 1.9.2
CVE-2017-9260 MEDIUM

The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
surina soundtouch 1.9.2
CVE-2018-1000223 MEDIUM

soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result in arbitrary code execution. This attack appear to be exploitable via victim must open maliocius file in soundstretch utility.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
surina soundtouch *
CVE-2018-14044 MEDIUM

The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
surina soundtouch 2.0.0
CVE-2018-14045 MEDIUM

The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
surina soundtouch 2.0.0
CVE-2018-17096 MEDIUM

The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
surina soundtouch 2.0.0
CVE-2018-17097 MEDIUM

The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
surina soundtouch 2.0.0
CVE-2018-17098 MEDIUM

The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
surina soundtouch 2.0.0