FreeBSD: VID-2b386075-1d9c-11e8-b6aa-4ccc6adda413 (CVE-2017-8361): libsndfile -- multiple vulnerabilities

Agostino Sarubbo, Gentoo reports: CVE-2017-8361 (Medium): The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. CVE-2017-8362 (Medium): The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. CVE-2017-8363 (Medium): The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. CVE-2017-8365 (Medium): The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. manxorist on Github reports: CVE-2017-12562 (High): Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Xin-Jiang on Github reports: CVE-2017-14634 (Medium): In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.