CVE-2017-6831
Software
audiofile
Reported Version
0.3.6
Cmd
sfconvert $FILE out.mp3 format aiff
Description
We get the reference PoC(https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/) from links provided in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831
We manually prove the existence of this vulnerability on other versions (0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7), while the reference PoC fails to trigger it on these versions.
We provide PoCs works for these versions.