{"affected":[{"ecosystem_specific":{"binaries":[{"libSoundTouch0":"1.7.1-5.6.1","libSoundTouch0-32bit":"1.7.1-5.6.1","soundtouch":"1.7.1-5.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP4","name":"soundtouch","purl":"pkg:rpm/suse/soundtouch&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.1-5.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"soundtouch":"1.7.1-5.6.1","soundtouch-devel":"1.7.1-5.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP4","name":"soundtouch","purl":"pkg:rpm/suse/soundtouch&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.1-5.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libSoundTouch0":"1.7.1-5.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP4","name":"soundtouch","purl":"pkg:rpm/suse/soundtouch&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.1-5.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libSoundTouch0":"1.7.1-5.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP4","name":"soundtouch","purl":"pkg:rpm/suse/soundtouch&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.1-5.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libSoundTouch0-32bit":"1.7.1-5.6.1","soundtouch":"1.7.1-5.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 12 SP4","name":"soundtouch","purl":"pkg:rpm/suse/soundtouch&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.1-5.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for soundtouch fixes the following issues:\n\n- CVE-2018-17098: The WavFileBase class allowed remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. (bsc#1108632)\n- CVE-2018-17097: The WavFileBase class allowed remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch. (double free) (bsc#1108631)\n- CVE-2018-17096: The BPMDetect class allowed remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. (bsc#1108630)\n","id":"SUSE-SU-2018:3606-2","modified":"2018-12-10T13:53:31Z","published":"2018-12-10T13:53:31Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20183606-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1108630"},{"type":"REPORT","url":"https://bugzilla.suse.com/1108631"},{"type":"REPORT","url":"https://bugzilla.suse.com/1108632"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17096"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17097"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17098"}],"related":["CVE-2018-17096","CVE-2018-17097","CVE-2018-17098"],"summary":"Security update for soundtouch","upstream":["CVE-2018-17096","CVE-2018-17097","CVE-2018-17098"]}