{
  "threat_severity" : "Low",
  "public_date" : "2017-03-26T00:00:00Z",
  "bugzilla" : {
    "description" : "libsndfile: Error in header_read() causing stack-based buffer overflow",
    "id" : "1440758",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1440758"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-121",
  "details" : [ "In libsndfile before 1.0.28, an error in the \"header_read()\" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.", "A buffer overflow flaw was found in the way libsndfile handled ID3 tags. This flaw could potentially be used to crash the application using libsndfile by tricking the application into processing specially crafted FLAC files." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "libsndfile",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "libsndfile",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-7586\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7586" ],
  "name" : "CVE-2017-7586",
  "csaw" : false
}