ID CVE-2009-4835
Summary The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file.
References
Vulnerable Configurations
  • cpe:2.3:a:mega-nerd:libsndfile:1.0.20
    cpe:2.3:a:mega-nerd:libsndfile:1.0.20
CVSS
Base: 4.3 (as of 06-05-2010 - 10:36)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_LIBSNDFILE-110719.NASL
    description An integer overflow in libsndfile while processing certain PAF files has been fixed. CVE-2011-2696 has been assigned to this issue. Additionally an divide by zero (CVE-2009-4835) has been fixed.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75613
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75613
    title openSUSE Security Update : libsndfile (openSUSE-SU-2011:0854-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBSNDFILE-7638.NASL
    description An integer overflow in libsndfile while processing certain PAF files has been fixed. CVE-2011-2696 has been assigned to this issue. Additionally an divide by zero error (CVE-2009-4835) has been fixed.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 55746
    published 2011-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55746
    title SuSE 10 Security Update : libsndfile (ZYPP Patch Number 7638)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBSNDFILE-110719.NASL
    description An integer overflow in libsndfile while processing certain PAF files has been fixed. CVE-2011-2696 has been assigned to this issue. Additionally a divide by zero error (CVE-2009-4835) has been fixed.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 55745
    published 2011-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55745
    title SuSE 11.1 Security Update : libsndfile (SAT Patch Number 4902)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBSNDFILE-7639.NASL
    description An integer overflow in libsndfile while processing certain PAF files has been fixed. CVE-2011-2696 has been assigned to this issue. Additionally a divide by zero error (CVE-2009-4835) has been fixed.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 57220
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57220
    title SuSE 10 Security Update : libsndfile (ZYPP Patch Number 7639)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-150.NASL
    description A vulnerability has been discovered and corrected in libsndfile : The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file (CVE-2009-4835). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 48336
    published 2010-08-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48336
    title Mandriva Linux Security Advisory : libsndfile (MDVSA-2010:150)
refmap via4
bid 35126
confirm http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
secunia 35266
vupen ADV-2009-1446
statements via4
contributor Joshua Bressers
lastmodified 2010-05-06
organization Red Hat
statement Red Hat does not consider this issue to be a security flaw. The libsndfile library is not used outside of client applications, where crashes are not considered to be security flaws.
Last major update 11-05-2010 - 00:00
Published 06-05-2010 - 08:47
Back to Top