CVE-2017-16942

MEDIUM

libsndfile <1.0.26 - DoS

Title source: llm

Description

In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.

References (2)

[Third Party Advisory] https://github.com/erikd/libsndfile/issues/341

[Vendor Advisory] https://usn.ubuntu.com/4013-1/

Scores

CVSS v3 6.5

EPSS 0.0028

EPSS Percentile 51.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-369

Status draft

Affected Products (1)

libsndfile_project/libsndfile

Timeline

Published Nov 25, 2017

Tracked Since Feb 18, 2026