CVE-2014-9496 - The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact

CVE-2014-9496

Summary

The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.

References

Vulnerable Configurations

cpe:2.3:a:libsndfile_project:libsndfile:-:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:-:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:0.0.28:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:0.0.28:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.0:-:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.0:-:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.0:rc6:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.0:rc6:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.10:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.10:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.11:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.11:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.12:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.12:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.13:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.13:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.14:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.14:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.15:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.15:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.16:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.16:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.17:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.17:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.18:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.18:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.19:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.19:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.20:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.20:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.21:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.21:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.22:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.22:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.23:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.23:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.24:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.24:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.25:*:*:*:*:*:*:*
cpe:2.3:a:libsndfile_project:libsndfile:1.0.25:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 20-11-2020 - 17:34)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	71796
bugtraq	20190411 [SECURITY] [DSA 4430-1] wpa security update
confirm	http://advisories.mageia.org/MGASA-2015-0015.html http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html https://github.com/erikd/libsndfile/commit/dbe14f00030af5d3577f4cabbf9861db59e9c378 https://github.com/erikd/libsndfile/issues/93
gentoo	GLSA-201612-03
mandriva	MDVSA-2015:024
mlist	[oss-security] 20150103 Re: Re: CVE Request: libsndfile buffer overread
secunia	62320
suse	openSUSE-SU-2015:0041
ubuntu	USN-2832-1

Last major update

20-11-2020 - 17:34

Published

16-01-2015 - 16:59

Last modified

20-11-2020 - 17:34