{"affected":[{"ecosystem_specific":{"binaries":[{"libsndfile-devel":"1.0.20-2.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"libsndfile","purl":"pkg:rpm/suse/libsndfile&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.20-2.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsndfile":"1.0.20-2.18.1","libsndfile-32bit":"1.0.20-2.18.1","libsndfile-x86":"1.0.20-2.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"libsndfile","purl":"pkg:rpm/suse/libsndfile&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.20-2.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsndfile":"1.0.20-2.18.1","libsndfile-32bit":"1.0.20-2.18.1","libsndfile-x86":"1.0.20-2.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"libsndfile","purl":"pkg:rpm/suse/libsndfile&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.20-2.18.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for libsndfile fixes the following issues:\n\n- CVE-2017-8362: invalid memory read in flac_buffer_copy (flac.c) (bsc#1036943)\n- CVE-2017-8365: global buffer overflow in i2les_array (pcm.c) (bsc#1036946)\n- CVE-2017-8361: global buffer overflow in flac_buffer_copy (flac.c) (bsc#1036944)\n- CVE-2017-8363: heap-based buffer overflow in flac_buffer_copy (flac.c) (bsc#1036945)\n- CVE-2017-7585: stack-based buffer overflow via a specially crafted FLAC file (bsc#1033054)\n   ","id":"SUSE-SU-2017:1236-1","modified":"2017-05-10T16:36:50Z","published":"2017-05-10T16:36:50Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20171236-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1033054"},{"type":"REPORT","url":"https://bugzilla.suse.com/1033914"},{"type":"REPORT","url":"https://bugzilla.suse.com/1033915"},{"type":"REPORT","url":"https://bugzilla.suse.com/1036943"},{"type":"REPORT","url":"https://bugzilla.suse.com/1036944"},{"type":"REPORT","url":"https://bugzilla.suse.com/1036945"},{"type":"REPORT","url":"https://bugzilla.suse.com/1036946"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7585"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7741"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7742"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-8361"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-8362"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-8363"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-8365"}],"related":["CVE-2017-7585","CVE-2017-7741","CVE-2017-7742","CVE-2017-8361","CVE-2017-8362","CVE-2017-8363","CVE-2017-8365"],"summary":"Security update for libsndfile","upstream":["CVE-2017-7585","CVE-2017-7741","CVE-2017-7742","CVE-2017-8361","CVE-2017-8362","CVE-2017-8363","CVE-2017-8365"]}