CVE-2017-18207

Published: 3/1/2018 Last updated: 8/5/2024 Reserved: 2/28/2018

The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (7)

conf-python-2-7 conf-python-2-7-dev conf-python-3 conf-python-3-7 conf-python-3-dev py termbox

Products affected (1)

Product	Vendor	Version
n/a	n/a	21.sp1 ap348942

References (4)

https://bugs.python.org/issue32056
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
https://bugs.python.org/issue32056
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html