Debian 9859 Published by

Updated libsndfile packages has been released for Debian GNU/Linux 7 LTS



Package : libsndfile
Version : 1.0.25-9.1+deb7u4
CVE ID : CVE-2017-12562
Debian Bug : #869166

It was discovered that there was a heap buffer overflow attack in libsndfile, a
library for reading/writing audio files. An attacker could cause a remote
denial of service attack by tricking the function into outputting a large
amount of data.

For Debian 7 "Wheezy", this issue has been fixed in libsndfile version
1.0.25-9.1+deb7u4.

We recommend that you upgrade your libsndfile packages.