ID CVE-2009-4835
Summary The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file.
References
Vulnerable Configurations
  • cpe:2.3:a:mega-nerd:libsndfile:1.0.20:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 11-05-2010 - 04:00)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 35126
confirm http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
secunia 35266
vupen ADV-2009-1446
statements via4
contributor Joshua Bressers
lastmodified 2010-05-06
organization Red Hat
statement Red Hat does not consider this issue to be a security flaw. The libsndfile library is not used outside of client applications, where crashes are not considered to be security flaws.
Last major update 11-05-2010 - 04:00
Published 06-05-2010 - 12:47
Last modified 11-05-2010 - 04:00