The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.

Upstream issue:
https://gitlab.com/soundtouch/soundtouch/issues/14

References:
https://github.com/TeamSeri0us/pocs/tree/master/soundtouch/2018_09_03

Created soundtouch tracking bugs for this issue:
Affects: epel-6 [bug 1631062]
Affects: fedora-all [bug 1631061]
Upstream patch: https://gitlab.com/soundtouch/soundtouch/commit/a1c400eb2cff849c0e5f9d6916d69ffea3ad2c85
I'm following [1]; it looks to me like upstream will release a new version with security fixes for CVE-2018-17096, CVE-2018-17097 and CVE-2018-17098.

[1] https://gitlab.com/soundtouch/soundtouch/issues/14