Medium severity 5.5 · NVD Advisory · Published Nov 29, 2017 · Updated May 13, 2026
CVE-2017-17054
Description
In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| aubio (PyPI) | < 0.4.7 | 0.4.7 |
Affected products (1)
Patches (1)
25ecb7338ceb src/io/source_wavread.c: add some input validation (closes: #158)
1 file changed · +20 −0
src/io/source_wavread.c+20 −0 modified@@ -189,6 +189,26 @@ aubio_source_wavread_t * new_aubio_source_wavread(const char_t * path, uint_t sa // BitsPerSample bytes_read += fread(buf, 1, 2, s->fid); bitspersample = read_little_endian(buf, 2); + + if ( channels == 0 ) { + AUBIO_ERR("source_wavread: Failed opening %s (number of channels can not be 0)\n", s->path); + goto beach; + } + + if ( sr == 0 ) { + AUBIO_ERR("source_wavread: Failed opening %s (samplerate can not be 0)\n", s->path); + goto beach; + } + + if ( byterate == 0 ) { + AUBIO_ERR("source_wavread: Failed opening %s (byterate can not be 0)\n", s->path); + goto beach; + } + + if ( bitspersample == 0 ) { + AUBIO_ERR("source_wavread: Failed opening %s (bitspersample can not be 0)\n", s->path); + goto beach; + } #if 0 if ( bitspersample != 16 ) { AUBIO_ERR("source_wavread: can not process %dbit file %s\n",
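Review bot: the four new checks after the BitsPerSample read reject only a value of exactly 0 for channels, sr, byterate and bitspersample, and the stricter `bitspersample != 16` test just below them is still inside `#if 0`, so every other non-zero header value is accepted. If a later computation divides by a quantity derived from these fields (for example bits converted to bytes), a small non-zero value can still produce a zero divisor, so the derived divisor should be validated where it is computed as well. The context line `bytes_read += fread(buf, 1, 2, s->fid);` shows the read length being accumulated but not checked before `read_little_endian(buf, 2)`, so on a truncated file these checks would run on whatever was left in buf; a short-read check ahead of the validation would close that. As a style point, the four near-identical AUBIO_ERR / `goto beach` blocks could be folded into one helper that takes the field name.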
References (6)
- github.com/advisories/GHSA-vcwx-8mqh-2557 (ghsa, ADVISORY)
- github.com/aubio/aubio/issues/148 (nvd, Third Party Advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2017-17054 (ghsa, ADVISORY)
- bugs.debian.org/cgi-bin/bugreport.cgi (ghsa, WEB)
- github.com/aubio/aubio/commit/25ecb7338cebc5b8c79092347839c78349ec33f1 (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2017-75.yaml (ghsa, WEB)