Vulnerability Description: A divide-by-zero vulnerability was found in the BlockCodec::runPull function within audiofile's BlockCodec.cpp file. This was discovered via fuzz testing. Affected Version: 0.3.6 CVE Identifier: CVE-2017-6833 Reproducer: A GitHub repository containing the proof-of-concept code to reproduce the issue: https://github.com/asarubbo/poc/blob/master/00187-audiofile-fpe-BlockCodec-runPull Timeline: - 2017-02-20: The vulnerability was discovered and reported to upstream. - 2017-02-20: A blog post detailing the issue was published. - 2017-03-12: A CVE identifier was assigned. Credit: The vulnerability was discovered by Agostino Sarubbo of Gentoo.