VDB
CVE-2017-6888
CVE-2017-6888
PUBLISHED
An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.
EPSS 0.29% · 52.6th percentile
Risk Scores
EPSS Score
0.29%
52.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | oxide-qt | 0, 1.11.4-0ubuntu1, 1.10.3-0ubuntu0.15.10.2 |
| Ubuntu:16.04:LTS | android | 20150818-1500-0ubuntu3, 0, 20150818-1500-0ubuntu2 |
| Ubuntu:16.04:LTS | praat | 5.3.16-1ubuntu2, 0, 6.0.4-2ubuntu1 |
| Ubuntu:18.04:LTS | praat | 6.0.30-3, 6.0.37-2, 0 |
| Ubuntu:18.04:LTS | flac | 1.3.2-1, 0 |
| Ubuntu:20.04:LTS | praat | 6.1.05-2, 6.1-1, 6.1.09-1build1 |
| Ubuntu:22.04:LTS | praat | 6.2.03-1, 6.2.09-1, 6.2.07-1 |
| Ubuntu:24.04:LTS | praat | 6.3.14-1, 6.4.06+dfsg-1build2, 0 |
| Ubuntu:25.10 | praat | 6.4.27+dfsg-1, 0, * |
| Ubuntu:Pro:14.04:LTS | flac | 0, 1.3.0-1, 1.3.0-2 |
| Ubuntu:Pro:16.04:LTS | flac | 0, 1.3.1-4 |
Timeline
- Apr 25, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 27, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-6888 third-party-advisory
- https://secuniaresearch.flexerasoftware.com/advisories/82639/ third-party-advisory
- https://secuniaresearch.flexerasoftware.com/secunia_research/2017-7/ third-party-advisory
- https://ubuntu.com/security/notices/USN-5733-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-6888 third-party-advisory