libSoundTouch1-2.2-1.6 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11393 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libSoundTouch1-2.2-1.6 on GA media These are all security issues fixed in the libSoundTouch1-2.2-1.6 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11393 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11393 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-1000223/ SUSE CVE CVE-2018-1000223 page https://www.suse.com/security/cve/CVE-2018-17096/ SUSE CVE CVE-2018-17096 page https://www.suse.com/security/cve/CVE-2018-17097/ SUSE CVE CVE-2018-17097 page https://www.suse.com/security/cve/CVE-2018-17098/ SUSE CVE CVE-2018-17098 page openSUSE Tumbleweed libSoundTouch1-2.2-1.6 libSoundTouch1-32bit-2.2-1.6 soundtouch-2.2-1.6 soundtouch-devel-2.2-1.6 libSoundTouch1-2.2-1.6 as a component of openSUSE Tumbleweed libSoundTouch1-32bit-2.2-1.6 as a component of openSUSE Tumbleweed soundtouch-2.2-1.6 as a component of openSUSE Tumbleweed soundtouch-devel-2.2-1.6 as a component of openSUSE Tumbleweed soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result in arbitrary code execution. This attack appear to be exploitable via victim must open maliocius file in soundstretch utility. CVE-2018-1000223 openSUSE Tumbleweed:libSoundTouch1-2.2-1.6 openSUSE Tumbleweed:libSoundTouch1-32bit-2.2-1.6 openSUSE Tumbleweed:soundtouch-2.2-1.6 openSUSE Tumbleweed:soundtouch-devel-2.2-1.6 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-1000223.html CVE-2018-1000223 https://bugzilla.suse.com/1103676 SUSE Bug 1103676 The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. CVE-2018-17096 openSUSE Tumbleweed:libSoundTouch1-2.2-1.6 openSUSE Tumbleweed:libSoundTouch1-32bit-2.2-1.6 openSUSE Tumbleweed:soundtouch-2.2-1.6 openSUSE Tumbleweed:soundtouch-devel-2.2-1.6 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17096.html CVE-2018-17096 https://bugzilla.suse.com/1108630 SUSE Bug 1108630 The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch. CVE-2018-17097 openSUSE Tumbleweed:libSoundTouch1-2.2-1.6 openSUSE Tumbleweed:libSoundTouch1-32bit-2.2-1.6 openSUSE Tumbleweed:soundtouch-2.2-1.6 openSUSE Tumbleweed:soundtouch-devel-2.2-1.6 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17097.html CVE-2018-17097 https://bugzilla.suse.com/1108631 SUSE Bug 1108631 The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. CVE-2018-17098 openSUSE Tumbleweed:libSoundTouch1-2.2-1.6 openSUSE Tumbleweed:libSoundTouch1-32bit-2.2-1.6 openSUSE Tumbleweed:soundtouch-2.2-1.6 openSUSE Tumbleweed:soundtouch-devel-2.2-1.6 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17098.html CVE-2018-17098 https://bugzilla.suse.com/1108632 SUSE Bug 1108632