Closed
Description
bchunk 1.2.0 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE file.
Fix committed in 6a053c1 provided by Yegor Timoshenko. Fixed in version 1.2.2.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954
https://www.debian.org/security/2017/dsa-4026