Vulnerabilites related to libsndfile_project - libsndfile
Vulnerability from fkie_nvd
Published
2022-03-23 20:15
Modified
2024-11-21 06:37
Severity ?
Summary
An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | 1.1.10 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "820C772A-84DE-406C-881A-3C3D116315F4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An out-of-bounds read flaw was found in libsndfile\u0027s FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws." }, { "lang": "es", "value": "Se ha encontrado un fallo de lectura fuera de l\u00edmites en la funcionalidad del c\u00f3dec FLAC de libsndfile. Un atacante que sea capaz de enviar un archivo especialmente dise\u00f1ado (por medio de enga\u00f1ar a un usuario para que lo abra o de otro modo) a una aplicaci\u00f3n enlazada con libsndfile y que use el c\u00f3dec FLAC, podr\u00eda desencadenar una lectura fuera de l\u00edmites que muy probablemente causar\u00eda un fallo, pero podr\u00eda filtrar informaci\u00f3n de la memoria que podr\u00eda usarse en una explotaci\u00f3n posterior de otros fallos" } ], "id": "CVE-2021-4156", "lastModified": "2024-11-21T06:37:01.650", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-23T20:15:10.097", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027690" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/libsndfile/libsndfile/issues/731" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/libsndfile/libsndfile/pull/732/commits/4c30646abf7834e406f7e2429c70bc254e18beab" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00020.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00036.html" }, { "source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202309-11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027690" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/libsndfile/libsndfile/issues/731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/libsndfile/libsndfile/pull/732/commits/4c30646abf7834e406f7e2429c70bc254e18beab" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202309-11" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-22 05:29
Modified
2024-11-21 03:57
Severity ?
Summary
An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/105996 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://github.com/erikd/libsndfile/issues/427 | Exploit, Patch, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/4013-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105996 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/erikd/libsndfile/issues/427 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4013-1/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | 1.0.28 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "233F513A-E8C3-4B55-BA92-6A814D3A7CED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service." }, { "lang": "es", "value": "Se ha descubierto un problema en libsndfile 1.0.28. Existe una desreferencia de puntero NULL en la funci\u00f3n sf_write_int en sndfile.c que provocar\u00eda un ataque de denegaci\u00f3n de servicio (DoS)." } ], "id": "CVE-2018-19432", "lastModified": "2024-11-21T03:57:54.260", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-22T05:29:00.717", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105996" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/427" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4013-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105996" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/427" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4013-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-11-19 20:59
Modified
2024-11-21 02:21
Severity ?
Summary
The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.04 | |
canonical | ubuntu_linux | 15.10 | |
opensuse | leap | 42.1 | |
opensuse | opensuse | 13.1 | |
opensuse | opensuse | 13.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:*:*:*:*:*:*:*:*", "matchCriteriaId": "35427800-460C-4B42-B2AA-936ADD3D7BB6", "versionEndExcluding": "1.0.26", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable." }, { "lang": "es", "value": "La funci\u00f3n psf_fwrite en file_io.c en libsndfile permite a atacantes causar una denegaci\u00f3n de servicio (error de divisi\u00f3n por cero y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de vectores no especificados relacionados con la variable headindex." } ], "id": "CVE-2014-9756", "lastModified": "2024-11-21T02:21:36.137", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-11-19T20:59:00.173", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00145.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/12/24/3" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/03/9" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2832-1" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/92" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00145.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/12/24/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/03/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2832-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/92" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-369" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-21 13:29
Modified
2024-11-21 03:12
Severity ?
Summary
An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | 1.0.28 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "233F513A-E8C3-4B55-BA92-6A814D3A7CED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values." }, { "lang": "es", "value": "Una lectura fuera de l\u00edmites en la funci\u00f3n d2ulaw_array() en ulaw.c de libsndfile 1.0.28 podr\u00eda acabar en un ataque remoto de denegaci\u00f3n de servicio o de fuga de informaci\u00f3n relacionado con la mala gesti\u00f3n de los valores de puntos flotantes NAN e INFINITY." } ], "id": "CVE-2017-14246", "lastModified": "2024-11-21T03:12:24.047", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-21T13:29:00.233", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/317" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202007-65" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4013-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202007-65" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4013-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-30 03:29
Modified
2024-11-21 03:58
Severity ?
Summary
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1643812 | Exploit, Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/01/msg00008.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html | ||
cve@mitre.org | https://usn.ubuntu.com/4013-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1643812 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/01/msg00008.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4013-1/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | 1.0.28 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "233F513A-E8C3-4B55-BA92-6A814D3A7CED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service." }, { "lang": "es", "value": "Existe una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) en wav.c en wav_write_header en libsndfile 1.0.28 que provoca una denegaci\u00f3n de servicio (DoS)." } ], "id": "CVE-2018-19758", "lastModified": "2024-11-21T03:58:29.300", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-30T03:29:00.390", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643812" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00008.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4013-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643812" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4013-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-07-04 14:29
Modified
2024-11-21 03:46
Severity ?
Summary
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/erikd/libsndfile/issues/397 | Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201811-23 | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/4013-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/erikd/libsndfile/issues/397 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201811-23 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4013-1/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | 1.0.28 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "233F513A-E8C3-4B55-BA92-6A814D3A7CED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave." }, { "lang": "es", "value": "Un desbordamiento de b\u00fafer basado en pila en psf_memset en common.c en libsndfile 1.0.28 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado de la aplicaci\u00f3n) o, posiblemente, provocar cualquier otro tipo de problema mediante un archivo de audio manipulado. La vulnerabilidad puede ser desencadenada por el ejecutable sndfile-deinterleave." } ], "id": "CVE-2018-13139", "lastModified": "2024-11-21T03:46:30.480", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-04T14:29:00.263", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/397" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201811-23" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4013-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/397" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201811-23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4013-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-18 14:15
Modified
2024-11-21 07:07
Severity ?
Summary
Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/libsndfile/libsndfile/issues/789 | Issue Tracking | |
cve@mitre.org | https://github.com/libsndfile/libsndfile/issues/833 | Exploit, Issue Tracking | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/libsndfile/libsndfile/issues/789 | Issue Tracking | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/libsndfile/libsndfile/issues/833 | Exploit, Issue Tracking |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:-:*:*:*:*:*:*:*", "matchCriteriaId": "858E091D-CA49-4AEA-9DE8-FE2047C882D1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts." } ], "id": "CVE-2022-33065", "lastModified": "2024-11-21T07:07:29.823", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-18T14:15:12.033", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://github.com/libsndfile/libsndfile/issues/789" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://github.com/libsndfile/libsndfile/issues/833" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/libsndfile/libsndfile/issues/789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://github.com/libsndfile/libsndfile/issues/833" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-30 19:59
Modified
2024-11-21 03:33
Severity ?
Summary
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/ | Patch, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201811-23 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/ | Patch, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201811-23 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | 1.0.28 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "233F513A-E8C3-4B55-BA92-6A814D3A7CED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file." }, { "lang": "es", "value": "La funci\u00f3n flac_buffer_copy de flac.c en libsndfile 1.0.28 permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (sobre lectura de buffer basado en memoria din\u00e1mica y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un archivo de audio." } ], "id": "CVE-2017-8363", "lastModified": "2024-11-21T03:33:52.280", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-30T19:59:00.257", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201811-23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201811-23" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-12 18:59
Modified
2024-11-21 03:32
Severity ?
Summary
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:*:*:*:*:*:*:*:*", "matchCriteriaId": "59548F6B-A7DD-4844-8347-79E7FEBF8280", "versionEndIncluding": "1.0.27", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585." }, { "lang": "es", "value": "En libsndfile en versiones anteriores a 1.0.28, se puede explotar un error en la funci\u00f3n \"flac_buffer_copy()\" (flac.c) para provocar una violaci\u00f3n de segmentaci\u00f3n (con acceso a memoria le\u00edda) a trav\u00e9s de un archivo FLAC especialmente manipulado durante un intento de remuestreo, un problema similar a CVE-2017-7585." } ], "id": "CVE-2017-7742", "lastModified": "2024-11-21T03:32:33.957", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-12T18:59:00.190", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201707-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201707-04" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-11-25 17:29
Modified
2024-11-21 03:17
Severity ?
Summary
In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | 1.0.25 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "BA0B807C-1C00-41C6-AB2B-63E520C71DED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file." }, { "lang": "es", "value": "En libsndfile 1.0.25 (solucionado en 1.0.26), existe un error de divisi\u00f3n entre cero en la funci\u00f3n wav_w64_read_fmt_chunk() en wav_w64.c, lo que puede provocar una denegaci\u00f3n de servicio cuando se reproduzca un archivo de audio manipulado." } ], "id": "CVE-2017-16942", "lastModified": "2024-11-21T03:17:17.323", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-11-25T17:29:00.197", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/341" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4013-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/341" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4013-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-369" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-30 19:59
Modified
2024-11-21 03:33
Severity ?
Summary
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/ | Patch, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201811-23 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/ | Patch, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201811-23 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | 1.0.28 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "233F513A-E8C3-4B55-BA92-6A814D3A7CED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file." }, { "lang": "es", "value": "La funci\u00f3n flac_buffer_copy de flac.c en libsndfile 1.0.28 permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (lectura no v\u00e1lida y bloqueo de la aplicaci\u00f3n) a trav\u00e9s de un archivo de audio." } ], "id": "CVE-2017-8362", "lastModified": "2024-11-21T03:33:52.120", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-30T19:59:00.227", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201811-23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201811-23" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-10-27 22:15
Modified
2024-10-31 00:58
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/libsndfile/libsndfile/issues/1034 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E71DB9F-FE9E-4369-8473-8D7B860D03DE", "versionEndIncluding": "1.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close." }, { "lang": "es", "value": "libsndfile hasta 1.2.2 tiene una afirmaci\u00f3n alcanzable, que puede llevar a la salida de la aplicaci\u00f3n, en mpeg_l3_encode.c mpeg_l3_encoder_close." } ], "id": "CVE-2024-50613", "lastModified": "2024-10-31T00:58:54.497", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-10-27T22:15:03.660", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/libsndfile/libsndfile/issues/1034" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-617" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-617" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2015-01-16 16:59
Modified
2024-11-21 02:21
Severity ?
Summary
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | * | |
opensuse | opensuse | 13.1 | |
opensuse | opensuse | 13.2 | |
debian | debian_linux | 9.0 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.04 | |
canonical | ubuntu_linux | 15.10 | |
oracle | solaris | 11.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:*:*:*:*:*:*:*:*", "matchCriteriaId": "35427800-460C-4B42-B2AA-936ADD3D7BB6", "versionEndExcluding": "1.0.26", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B1C288F-326B-497B-B26C-D26E01262DDB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read." }, { "lang": "es", "value": "La funci\u00f3n sd2_parse_rsrc_fork en sd2.c en libsndfile permite a atacantes tener un impacto no especificado a trav\u00e9s de vectores relacionados con un (1) desplazamiento de mapa o (2) marcador rsrc, lo que provoca una lectura fuera de rango." } ], "id": "CVE-2014-9496", "lastModified": "2024-11-21T02:21:01.430", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-01-16T16:59:16.030", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2015-0015.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00016.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/62320" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:024" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/01/04/4" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/71796" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2832-1" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/commit/dbe14f00030af5d3577f4cabbf9861db59e9c378" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/93" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Apr/23" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201612-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2015-0015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/62320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/01/04/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/71796" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2832-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/commit/dbe14f00030af5d3577f4cabbf9861db59e9c378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/93" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Apr/23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201612-03" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-30 19:59
Modified
2024-11-21 03:33
Severity ?
Summary
The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/ | Patch, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201811-23 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/ | Patch, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201811-23 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | 1.0.28 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "233F513A-E8C3-4B55-BA92-6A814D3A7CED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file." }, { "lang": "es", "value": "La funci\u00f3n i2les_array en pcm.c en libsndfile 1.0.28 permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (sobre-lectura del b\u00fafer y caida de aplicaci\u00f3n) a trav\u00e9s de un archivo de audio." } ], "id": "CVE-2017-8365", "lastModified": "2024-11-21T03:33:52.587", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-30T19:59:00.320", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201811-23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201811-23" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-07 20:59
Modified
2024-11-21 03:32
Severity ?
Summary
In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:*:*:*:*:*:*:*:*", "matchCriteriaId": "59548F6B-A7DD-4844-8347-79E7FEBF8280", "versionEndIncluding": "1.0.27", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In libsndfile before 1.0.28, an error in the \"header_read()\" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file." }, { "lang": "es", "value": "En libsndfile en versiones anteriores a 1.0.28, un error en la funci\u00f3n \"header_read()\" (common.c) cuando se manejan etiquetas ID3 pueden ser explotados para provocar un desbordamiento de b\u00fafer basado en pila a trav\u00e9s de un archivo FLAC especialmente manipulado." } ], "id": "CVE-2017-7586", "lastModified": "2024-11-21T03:32:13.200", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-07T20:59:00.220", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "http://www.mega-nerd.com/libsndfile/#History" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "http://www.mega-nerd.com/libsndfile/NEWS" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/97522" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/erikd/libsndfile/commit/708e996c87c5fae77b104ccfeb8f6db784c32074" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/erikd/libsndfile/commit/f457b7b5ecfe91697ed01cfc825772c4d8de1236" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201707-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "http://www.mega-nerd.com/libsndfile/#History" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "http://www.mega-nerd.com/libsndfile/NEWS" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/97522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/erikd/libsndfile/commit/708e996c87c5fae77b104ccfeb8f6db784c32074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/erikd/libsndfile/commit/f457b7b5ecfe91697ed01cfc825772c4d8de1236" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201707-04" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-29 08:29
Modified
2024-11-21 03:58
Severity ?
Summary
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/erikd/libsndfile/issues/429 | Exploit, Patch, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html | ||
cve@mitre.org | https://usn.ubuntu.com/4013-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/erikd/libsndfile/issues/429 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4013-1/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | 1.0.28 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "233F513A-E8C3-4B55-BA92-6A814D3A7CED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service." }, { "lang": "es", "value": "Se ha descubierto un problema en libsndfile 1.0.28. Existe una sobrelectura de b\u00fafer en la funci\u00f3n i2alaw_array en alaw.c que provoca una denegaci\u00f3n de servicio." } ], "id": "CVE-2018-19662", "lastModified": "2024-11-21T03:58:22.733", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-29T08:29:00.300", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/429" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4013-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/429" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4013-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-05 17:29
Modified
2024-11-21 03:09
Severity ?
Summary
Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/erikd/libsndfile/issues/292 | Issue Tracking, Patch, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/06/msg00020.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201811-23 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/erikd/libsndfile/issues/292 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/06/msg00020.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201811-23 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | 1.0.28 | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "233F513A-E8C3-4B55-BA92-6A814D3A7CED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact." }, { "lang": "es", "value": "Un desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n psf_binheader_writef en common.c en la versi\u00f3n 1.0.28 de libsndfile permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o, posiblemente, causar cualquier otro tipo de impacto." } ], "id": "CVE-2017-12562", "lastModified": "2024-11-21T03:09:45.607", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-05T17:29:00.160", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/292" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00020.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201811-23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201811-23" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-29 08:29
Modified
2024-11-21 03:58
Severity ?
Summary
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | 1.0.28 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "233F513A-E8C3-4B55-BA92-6A814D3A7CED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service." }, { "lang": "es", "value": "Se ha descubierto un problema en libsndfile 1.0.28. Existe una sobrelectura de b\u00fafer en la funci\u00f3n i2ulaw_array en ulaw.c que provoca una denegaci\u00f3n de servicio." } ], "id": "CVE-2018-19661", "lastModified": "2024-11-21T03:58:22.580", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-29T08:29:00.240", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/429" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4013-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/429" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4013-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-21 07:29
Modified
2024-11-21 03:13
Severity ?
Summary
In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/erikd/libsndfile/issues/318 | Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | Issue Tracking, Mailing List, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html | ||
cve@mitre.org | https://security.gentoo.org/glsa/201811-23 | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/4013-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/erikd/libsndfile/issues/318 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | Issue Tracking, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201811-23 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4013-1/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | 1.0.28 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "233F513A-E8C3-4B55-BA92-6A814D3A7CED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file." }, { "lang": "es", "value": "En libsndfile 1.0.28, existe un error de divisi\u00f3n entre cero en la funci\u00f3n double64_init() en double64.c, lo que puede provocar una denegaci\u00f3n de servicio cuando se reproduzca un archivo de audio manipulado." } ], "id": "CVE-2017-14634", "lastModified": "2024-11-21T03:13:15.130", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-21T07:29:00.453", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/318" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201811-23" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4013-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201811-23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4013-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-369" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-30 19:59
Modified
2024-11-21 03:33
Severity ?
Summary
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/ | Patch, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201811-23 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/ | Patch, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201811-23 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | 1.0.28 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "233F513A-E8C3-4B55-BA92-6A814D3A7CED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file." }, { "lang": "es", "value": "La funci\u00f3n flac_buffer_copy de flac.c en libsndfile 1.0.28 permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (desbordamiento de b\u00fafer y bloqueo de la aplicaci\u00f3n) o posiblemente tener otro impacto no especificado, mediante un archivo de audio." } ], "id": "CVE-2017-8361", "lastModified": "2024-11-21T03:33:51.967", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-30T19:59:00.197", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201811-23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201811-23" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-07 20:59
Modified
2024-11-21 03:32
Severity ?
Summary
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:*:*:*:*:*:*:*:*", "matchCriteriaId": "59548F6B-A7DD-4844-8347-79E7FEBF8280", "versionEndIncluding": "1.0.27", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file." }, { "lang": "es", "value": "En libsndfile en versiones anteriores a 1.0.28, un error en la funci\u00f3n \"flac_buffer_copy()\" (flac.c) puede ser explotada para provocar un desbordamiento de b\u00fafer basado en pila a trav\u00e9s de un archivo FLAC especialmente manipulado." } ], "id": "CVE-2017-7585", "lastModified": "2024-11-21T03:32:13.053", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-07T20:59:00.190", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "http://www.mega-nerd.com/libsndfile/#History" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "http://www.mega-nerd.com/libsndfile/NEWS" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201707-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "http://www.mega-nerd.com/libsndfile/#History" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "http://www.mega-nerd.com/libsndfile/NEWS" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201707-04" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-12 18:59
Modified
2024-11-21 03:32
Severity ?
Summary
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:*:*:*:*:*:*:*:*", "matchCriteriaId": "59548F6B-A7DD-4844-8347-79E7FEBF8280", "versionEndIncluding": "1.0.27", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585." }, { "lang": "es", "value": "En libsndfile en versiones anteriores a 1.0.28, se puede explotar un error en la funci\u00f3n \"flac_buffer_copy()\" function (flac.c) para provocar una violaci\u00f3n de segmentaci\u00f3n (con acceso a memoria de escritura) a trav\u00e9s de un archivo FLAC especialmente manipulado durante un intento de remuestreo, un problema similar A la CVE-2017-7585." } ], "id": "CVE-2017-7741", "lastModified": "2024-11-21T03:32:33.800", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-12T18:59:00.157", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201707-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201707-04" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-07-07 17:29
Modified
2024-11-21 03:47
Severity ?
Summary
An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/erikd/libsndfile/issues/398 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/erikd/libsndfile/issues/398 | Issue Tracking, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | 1.0.28 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "233F513A-E8C3-4B55-BA92-6A814D3A7CED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue" }, { "lang": "es", "value": "** EN DISPUTA ** Se ha descubierto un problema en libsndfile 1.0.28. Hay una fuga de memoria en psf_allocate en common.c, tal y como queda demostrado con sndfile-conCVErt. NOTA: El mantenedor y terceros eran incapaces de reproducir y cerrar el problema." } ], "id": "CVE-2018-13419", "lastModified": "2024-11-21T03:47:04.453", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-07T17:29:00.383", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/398" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/398" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-772" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-20 15:15
Modified
2024-11-21 06:21
Severity ?
Summary
A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | 1.0.30 | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "35A57536-5B23-4FC4-9860-0E30943E41BD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file." }, { "lang": "es", "value": "Una vulnerabilidad de desbordamiento de buffer en la funci\u00f3n msadpcm_decode_block de libsndfile versi\u00f3n 1.0.30, permite a atacantes ejecutar c\u00f3digo arbitrario por medio de un archivo WAV dise\u00f1ado" } ], "id": "CVE-2021-3246", "lastModified": "2024-11-21T06:21:09.903", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-20T15:15:11.053", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/libsndfile/libsndfile/issues/687" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00024.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUDCEMMPRA3IYYYHVZUOUZXI65FU37V/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7LNW4AVDVL3BU3N3KGVFLTYFASBVCIF/" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202309-11" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4947" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/libsndfile/libsndfile/issues/687" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUDCEMMPRA3IYYYHVZUOUZXI65FU37V/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7LNW4AVDVL3BU3N3KGVFLTYFASBVCIF/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202309-11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4947" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-03-21 16:01
Modified
2024-11-21 04:42
Severity ?
Summary
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | 1.0.28 | |
debian | debian_linux | 9.0 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "233F513A-E8C3-4B55-BA92-6A814D3A7CED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash." }, { "lang": "es", "value": "Se ha descubierto que la soluci\u00f3n para CVE-2018-19758 (libsndfile) no estaba completa y sigue permitiendo una lectura m\u00e1s all\u00e1 de los l\u00edmites de un b\u00fafer en la funci\u00f3n wav_write_header() en wav.c. Un atacante local podr\u00eda utilizar este fallo para provocar un cierre inesperado de la aplicaci\u00f3n" } ], "id": "CVE-2019-3832", "lastModified": "2024-11-21T04:42:38.340", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-03-21T16:01:04.797", "references": [ { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3832" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/456" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/pull/460" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202007-65" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4013-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3832" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/456" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/pull/460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202007-65" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4013-1/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-12 16:29
Modified
2024-11-21 03:30
Severity ?
Summary
In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | 1.0.28 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "233F513A-E8C3-4B55-BA92-6A814D3A7CED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In libsndfile version 1.0.28, an error in the \"aiff_read_chanmap()\" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file." }, { "lang": "es", "value": "En libsndfile versi\u00f3n 1.0.28, se puede explotar un error en la funci\u00f3n \"aiff_read_chanmap()\" del archivo (aiff.c) para causar un acceso a memoria de lectura fuera de l\u00edmites por medio de un archivo AIFF especialmente creado." } ], "id": "CVE-2017-6892", "lastModified": "2024-11-21T03:30:44.423", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-12T16:29:00.187", "references": [ { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Third Party Advisory" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/76717/" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Third Party Advisory" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://security.gentoo.org/glsa/201811-23" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://usn.ubuntu.com/4013-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/76717/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201811-23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4013-1/" } ], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-21 13:29
Modified
2024-11-21 03:12
Severity ?
Summary
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | 1.0.28 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "233F513A-E8C3-4B55-BA92-6A814D3A7CED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values." }, { "lang": "es", "value": "Una lectura fuera de l\u00edmites en la funci\u00f3n d2alaw_array() en alaw.c de libsndfile 1.0.28 podr\u00eda acabar en un ataque remoto de denegaci\u00f3n de servicio o de fuga de informaci\u00f3n relacionado con la mala gesti\u00f3n de los valores de puntos flotantes NAN e INFINITY." } ], "id": "CVE-2017-14245", "lastModified": "2024-11-21T03:12:23.903", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-21T13:29:00.203", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/317" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202007-65" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4013-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/erikd/libsndfile/issues/317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202007-65" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4013-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-10-27 22:15
Modified
2024-11-05 16:14
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Summary
libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/libsndfile/libsndfile/issues/1035 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E71DB9F-FE9E-4369-8473-8D7B860D03DE", "versionEndIncluding": "1.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read." }, { "lang": "es", "value": "libsndfile hasta 1.2.2 tiene una lectura fuera de los l\u00edmites de ogg_vorbis.c vorbis_analysis_wrote." } ], "id": "CVE-2024-50612", "lastModified": "2024-11-05T16:14:55.550", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-10-27T22:15:03.613", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/libsndfile/libsndfile/issues/1035" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-18 14:15
Modified
2024-11-21 07:07
Severity ?
Summary
An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/libsndfile/libsndfile/issues/832 | Exploit, Issue Tracking, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/libsndfile/libsndfile/issues/832 | Exploit, Issue Tracking, Patch |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libsndfile_project | libsndfile | 1.1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libsndfile_project:libsndfile:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BADA76A3-E11A-4CA6-BBF0-649E71B14C0C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts." } ], "id": "CVE-2022-33064", "lastModified": "2024-11-21T07:07:29.667", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-18T14:15:11.973", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch" ], "url": "https://github.com/libsndfile/libsndfile/issues/832" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch" ], "url": "https://github.com/libsndfile/libsndfile/issues/832" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-193" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2017-12562
Vulnerability from cvelistv5
Published
2017-08-05 17:00
Modified
2024-08-05 18:43
Severity ?
EPSS score ?
Summary
Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
References
▼ | URL | Tags |
---|---|---|
https://github.com/erikd/libsndfile/issues/292 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201811-23 | vendor-advisory, x_refsource_GENTOO | |
https://lists.debian.org/debian-lts-announce/2022/06/msg00020.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:43:55.934Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/issues/292" }, { "name": "GLSA-201811-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201811-23" }, { "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3058-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-08-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-28T22:06:54", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/erikd/libsndfile/issues/292" }, { "name": "GLSA-201811-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201811-23" }, { "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3058-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00020.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12562", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/erikd/libsndfile/issues/292", "refsource": "CONFIRM", "url": "https://github.com/erikd/libsndfile/issues/292" }, { "name": "GLSA-201811-23", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201811-23" }, { "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3058-1] libsndfile security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00020.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12562", "datePublished": "2017-08-05T17:00:00", "dateReserved": "2017-08-05T00:00:00", "dateUpdated": "2024-08-05T18:43:55.934Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-6892
Vulnerability from cvelistv5
Published
2017-06-12 16:00
Modified
2024-08-05 15:41
Severity ?
EPSS score ?
Summary
In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.
References
▼ | URL | Tags |
---|---|---|
https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/ | x_refsource_MISC | |
https://secuniaresearch.flexerasoftware.com/advisories/76717/ | x_refsource_MISC | |
https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201811-23 | vendor-advisory, x_refsource_GENTOO | |
https://usn.ubuntu.com/4013-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Flexera Software LLC | libsndfile |
Version: 1.0.28 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:41:17.695Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/76717/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748" }, { "name": "GLSA-201811-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201811-23" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libsndfile", "vendor": "Flexera Software LLC", "versions": [ { "status": "affected", "version": "1.0.28" } ] } ], "datePublic": "2017-06-12T00:00:00", "descriptions": [ { "lang": "en", "value": "In libsndfile version 1.0.28, an error in the \"aiff_read_chanmap()\" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file." } ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-bounds read memory access leading to information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-29T18:06:16", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/76717/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748" }, { "name": "GLSA-201811-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201811-23" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2017-6892", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "libsndfile", "version": { "version_data": [ { "version_value": "1.0.28" } ] } } ] }, "vendor_name": "Flexera Software LLC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In libsndfile version 1.0.28, an error in the \"aiff_read_chanmap()\" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Out-of-bounds read memory access leading to information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/", "refsource": "MISC", "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/" }, { "name": "https://secuniaresearch.flexerasoftware.com/advisories/76717/", "refsource": "MISC", "url": "https://secuniaresearch.flexerasoftware.com/advisories/76717/" }, { "name": "https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748", "refsource": "CONFIRM", "url": "https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748" }, { "name": "GLSA-201811-23", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201811-23" }, { "name": "USN-4013-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2017-6892", "datePublished": "2017-06-12T16:00:00", "dateReserved": "2017-03-14T00:00:00", "dateUpdated": "2024-08-05T15:41:17.695Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-19662
Vulnerability from cvelistv5
Published
2018-11-29 07:00
Modified
2024-08-05 11:44
Severity ?
EPSS score ?
Summary
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.
References
▼ | URL | Tags |
---|---|---|
https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | mailing-list, x_refsource_MLIST | |
https://github.com/erikd/libsndfile/issues/429 | x_refsource_MISC | |
https://usn.ubuntu.com/4013-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:44:20.121Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/issues/429" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-29T18:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/erikd/libsndfile/issues/429" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19662", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "https://github.com/erikd/libsndfile/issues/429", "refsource": "MISC", "url": "https://github.com/erikd/libsndfile/issues/429" }, { "name": "USN-4013-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19662", "datePublished": "2018-11-29T07:00:00", "dateReserved": "2018-11-29T00:00:00", "dateUpdated": "2024-08-05T11:44:20.121Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-14634
Vulnerability from cvelistv5
Published
2017-09-21 07:00
Modified
2024-08-05 19:34
Severity ?
EPSS score ?
Summary
In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.
References
▼ | URL | Tags |
---|---|---|
https://github.com/erikd/libsndfile/issues/318 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/201811-23 | vendor-advisory, x_refsource_GENTOO | |
https://usn.ubuntu.com/4013-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:34:38.659Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/issues/318" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "GLSA-201811-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201811-23" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-21T00:00:00", "descriptions": [ { "lang": "en", "value": "In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-29T18:06:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/erikd/libsndfile/issues/318" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "GLSA-201811-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201811-23" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14634", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/erikd/libsndfile/issues/318", "refsource": "MISC", "url": "https://github.com/erikd/libsndfile/issues/318" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "GLSA-201811-23", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201811-23" }, { "name": "USN-4013-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14634", "datePublished": "2017-09-21T07:00:00", "dateReserved": "2017-09-21T00:00:00", "dateUpdated": "2024-08-05T19:34:38.659Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7585
Vulnerability from cvelistv5
Published
2017-04-07 20:00
Modified
2024-08-05 16:04
Severity ?
EPSS score ?
Summary
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
References
▼ | URL | Tags |
---|---|---|
http://www.mega-nerd.com/libsndfile/#History | x_refsource_CONFIRM | |
https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0 | x_refsource_CONFIRM | |
http://www.mega-nerd.com/libsndfile/NEWS | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201707-04 | vendor-advisory, x_refsource_GENTOO | |
https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:04:12.013Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mega-nerd.com/libsndfile/#History" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mega-nerd.com/libsndfile/NEWS" }, { "name": "GLSA-201707-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201707-04" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-04-07T00:00:00", "descriptions": [ { "lang": "en", "value": "In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mega-nerd.com/libsndfile/#History" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mega-nerd.com/libsndfile/NEWS" }, { "name": "GLSA-201707-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201707-04" }, { "tags": [ "x_refsource_MISC" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7585", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.mega-nerd.com/libsndfile/#History", "refsource": "CONFIRM", "url": "http://www.mega-nerd.com/libsndfile/#History" }, { "name": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0", "refsource": "CONFIRM", "url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0" }, { "name": "http://www.mega-nerd.com/libsndfile/NEWS", "refsource": "CONFIRM", "url": "http://www.mega-nerd.com/libsndfile/NEWS" }, { "name": "GLSA-201707-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201707-04" }, { "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/", "refsource": "MISC", "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7585", "datePublished": "2017-04-07T20:00:00", "dateReserved": "2017-04-07T00:00:00", "dateUpdated": "2024-08-05T16:04:12.013Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-33065
Vulnerability from cvelistv5
Published
2023-07-18 00:00
Modified
2024-10-28 18:23
Severity ?
EPSS score ?
Summary
Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:01:18.892Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/libsndfile/libsndfile/issues/833" }, { "tags": [ "x_transferred" ], "url": "https://github.com/libsndfile/libsndfile/issues/789" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-33065", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-28T18:23:14.864071Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-28T18:23:22.077Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-18T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/libsndfile/libsndfile/issues/833" }, { "url": "https://github.com/libsndfile/libsndfile/issues/789" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-33065", "datePublished": "2023-07-18T00:00:00", "dateReserved": "2022-06-13T00:00:00", "dateUpdated": "2024-10-28T18:23:22.077Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-19758
Vulnerability from cvelistv5
Published
2018-11-30 03:00
Modified
2024-08-05 11:44
Severity ?
EPSS score ?
Summary
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1643812 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2019/01/msg00008.html | mailing-list, x_refsource_MLIST | |
https://usn.ubuntu.com/4013-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:44:20.190Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643812" }, { "name": "[debian-lts-announce] 20190110 [SECURITY] [DLA 1632-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00008.html" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-29T18:06:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643812" }, { "name": "[debian-lts-announce] 20190110 [SECURITY] [DLA 1632-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00008.html" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19758", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1643812", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643812" }, { "name": "[debian-lts-announce] 20190110 [SECURITY] [DLA 1632-1] libsndfile security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00008.html" }, { "name": "USN-4013-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19758", "datePublished": "2018-11-30T03:00:00", "dateReserved": "2018-11-29T00:00:00", "dateUpdated": "2024-08-05T11:44:20.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7742
Vulnerability from cvelistv5
Published
2017-04-12 18:00
Modified
2024-08-05 16:12
Severity ?
EPSS score ?
Summary
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
References
▼ | URL | Tags |
---|---|---|
https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0 | x_refsource_MISC | |
https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/ | x_refsource_MISC | |
https://security.gentoo.org/glsa/201707-04 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:12:28.431Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/" }, { "name": "GLSA-201707-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201707-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-04-12T00:00:00", "descriptions": [ { "lang": "en", "value": "In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/" }, { "name": "GLSA-201707-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201707-04" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7742", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0", "refsource": "MISC", "url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0" }, { "name": "https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/", "refsource": "MISC", "url": "https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/" }, { "name": "GLSA-201707-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201707-04" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7742", "datePublished": "2017-04-12T18:00:00", "dateReserved": "2017-04-12T00:00:00", "dateUpdated": "2024-08-05T16:12:28.431Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-19432
Vulnerability from cvelistv5
Published
2018-11-22 05:00
Modified
2024-08-05 11:37
Severity ?
EPSS score ?
Summary
An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.
References
▼ | URL | Tags |
---|---|---|
https://github.com/erikd/libsndfile/issues/427 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/105996 | vdb-entry, x_refsource_BID | |
https://usn.ubuntu.com/4013-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:37:11.396Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/issues/427" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "105996", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105996" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4013-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-11-21T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-10T16:06:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/erikd/libsndfile/issues/427" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "105996", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105996" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4013-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19432", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/erikd/libsndfile/issues/427", "refsource": "MISC", "url": "https://github.com/erikd/libsndfile/issues/427" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "105996", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105996" }, { "name": "USN-4013-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4013-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19432", "datePublished": "2018-11-22T05:00:00", "dateReserved": "2018-11-21T00:00:00", "dateUpdated": "2024-08-05T11:37:11.396Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9756
Vulnerability from cvelistv5
Published
2015-11-19 20:00
Modified
2024-08-06 13:55
Severity ?
EPSS score ?
Summary
The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.
References
▼ | URL | Tags |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html | vendor-advisory, x_refsource_SUSE | |
https://github.com/erikd/libsndfile/issues/92 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2014/12/24/3 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2015/11/03/9 | mailing-list, x_refsource_MLIST | |
http://www.ubuntu.com/usn/USN-2832-1 | vendor-advisory, x_refsource_UBUNTU | |
https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2015-11/msg00145.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:55:04.585Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2015:1995", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/issues/92" }, { "name": "[oss-security] 20141224 libsndfile DoS/divide-by-zero", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/12/24/3" }, { "name": "[oss-security] 20151103 Re: libsndfile DoS/divide-by-zero", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/03/9" }, { "name": "USN-2832-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2832-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6" }, { "name": "openSUSE-SU-2015:2119", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00145.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openSUSE-SU-2015:1995", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/erikd/libsndfile/issues/92" }, { "name": "[oss-security] 20141224 libsndfile DoS/divide-by-zero", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/12/24/3" }, { "name": "[oss-security] 20151103 Re: libsndfile DoS/divide-by-zero", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/03/9" }, { "name": "USN-2832-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2832-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6" }, { "name": "openSUSE-SU-2015:2119", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00145.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9756", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2015:1995", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html" }, { "name": "https://github.com/erikd/libsndfile/issues/92", "refsource": "CONFIRM", "url": "https://github.com/erikd/libsndfile/issues/92" }, { "name": "[oss-security] 20141224 libsndfile DoS/divide-by-zero", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/12/24/3" }, { "name": "[oss-security] 20151103 Re: libsndfile DoS/divide-by-zero", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/11/03/9" }, { "name": "USN-2832-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2832-1" }, { "name": "https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6", "refsource": "CONFIRM", "url": "https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6" }, { "name": "openSUSE-SU-2015:2119", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00145.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9756", "datePublished": "2015-11-19T20:00:00", "dateReserved": "2015-11-03T00:00:00", "dateUpdated": "2024-08-06T13:55:04.585Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50612
Vulnerability from cvelistv5
Published
2024-10-27 00:00
Modified
2024-10-30 20:47
Severity ?
EPSS score ?
Summary
libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:libsndfile_project:libsndfile:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "libsndfile", "vendor": "libsndfile_project", "versions": [ { "lessThanOrEqual": "1.2.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-50612", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-30T18:57:26.146162Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-30T20:47:04.173Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-27T22:01:09.915884", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/libsndfile/libsndfile/issues/1035" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-50612", "datePublished": "2024-10-27T00:00:00", "dateReserved": "2024-10-27T00:00:00", "dateUpdated": "2024-10-30T20:47:04.173Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-8361
Vulnerability from cvelistv5
Published
2017-04-30 19:00
Modified
2024-08-05 16:34
Severity ?
EPSS score ?
Summary
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.
References
▼ | URL | Tags |
---|---|---|
https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/ | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/201811-23 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:34:22.739Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "GLSA-201811-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201811-23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-04-30T00:00:00", "descriptions": [ { "lang": "en", "value": "The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-26T10:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "GLSA-201811-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201811-23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8361", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/", "refsource": "MISC", "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "GLSA-201811-23", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201811-23" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-8361", "datePublished": "2017-04-30T19:00:00", "dateReserved": "2017-04-30T00:00:00", "dateUpdated": "2024-08-05T16:34:22.739Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-13419
Vulnerability from cvelistv5
Published
2018-07-07 17:00
Modified
2024-08-05 09:00
Severity ?
EPSS score ?
Summary
An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue
References
▼ | URL | Tags |
---|---|---|
https://github.com/erikd/libsndfile/issues/398 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:00:35.345Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/issues/398" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-07T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-13T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/erikd/libsndfile/issues/398" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-13419", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/erikd/libsndfile/issues/398", "refsource": "MISC", "url": "https://github.com/erikd/libsndfile/issues/398" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-13419", "datePublished": "2018-07-07T17:00:00", "dateReserved": "2018-07-07T00:00:00", "dateUpdated": "2024-08-05T09:00:35.345Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-16942
Vulnerability from cvelistv5
Published
2017-11-25 17:00
Modified
2024-08-05 20:43
Severity ?
EPSS score ?
Summary
In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.
References
▼ | URL | Tags |
---|---|---|
https://github.com/erikd/libsndfile/issues/341 | x_refsource_MISC | |
https://usn.ubuntu.com/4013-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:43:59.531Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/issues/341" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4013-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-11-25T00:00:00", "descriptions": [ { "lang": "en", "value": "In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-10T16:06:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/erikd/libsndfile/issues/341" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4013-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16942", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/erikd/libsndfile/issues/341", "refsource": "MISC", "url": "https://github.com/erikd/libsndfile/issues/341" }, { "name": "USN-4013-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4013-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-16942", "datePublished": "2017-11-25T17:00:00", "dateReserved": "2017-11-25T00:00:00", "dateUpdated": "2024-08-05T20:43:59.531Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7741
Vulnerability from cvelistv5
Published
2017-04-12 18:00
Modified
2024-08-05 16:12
Severity ?
EPSS score ?
Summary
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
References
▼ | URL | Tags |
---|---|---|
https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0 | x_refsource_MISC | |
https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/ | x_refsource_MISC | |
https://security.gentoo.org/glsa/201707-04 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:12:28.330Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/" }, { "name": "GLSA-201707-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201707-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-04-12T00:00:00", "descriptions": [ { "lang": "en", "value": "In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/" }, { "name": "GLSA-201707-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201707-04" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7741", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0", "refsource": "MISC", "url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0" }, { "name": "https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/", "refsource": "MISC", "url": "https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/" }, { "name": "GLSA-201707-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201707-04" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7741", "datePublished": "2017-04-12T18:00:00", "dateReserved": "2017-04-12T00:00:00", "dateUpdated": "2024-08-05T16:12:28.330Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-14246
Vulnerability from cvelistv5
Published
2017-09-21 13:00
Modified
2024-08-05 19:20
Severity ?
EPSS score ?
Summary
An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
References
▼ | URL | Tags |
---|---|---|
https://github.com/erikd/libsndfile/issues/317 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | mailing-list, x_refsource_MLIST | |
https://usn.ubuntu.com/4013-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://security.gentoo.org/glsa/202007-65 | vendor-advisory, x_refsource_GENTOO | |
https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:20:41.326Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/issues/317" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "GLSA-202007-65", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202007-65" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-21T00:00:00", "descriptions": [ { "lang": "en", "value": "An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-29T18:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/erikd/libsndfile/issues/317" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "GLSA-202007-65", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202007-65" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14246", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/erikd/libsndfile/issues/317", "refsource": "MISC", "url": "https://github.com/erikd/libsndfile/issues/317" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "USN-4013-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "GLSA-202007-65", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202007-65" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14246", "datePublished": "2017-09-21T13:00:00", "dateReserved": "2017-09-10T00:00:00", "dateUpdated": "2024-08-05T19:20:41.326Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-8365
Vulnerability from cvelistv5
Published
2017-04-30 19:00
Modified
2024-08-05 16:34
Severity ?
EPSS score ?
Summary
The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.
References
▼ | URL | Tags |
---|---|---|
https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/ | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/201811-23 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:34:22.839Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "GLSA-201811-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201811-23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-04-30T00:00:00", "descriptions": [ { "lang": "en", "value": "The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-26T10:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "GLSA-201811-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201811-23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8365", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/", "refsource": "MISC", "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "GLSA-201811-23", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201811-23" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-8365", "datePublished": "2017-04-30T19:00:00", "dateReserved": "2017-04-30T00:00:00", "dateUpdated": "2024-08-05T16:34:22.839Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50613
Vulnerability from cvelistv5
Published
2024-10-27 00:00
Modified
2024-10-30 19:13
Severity ?
EPSS score ?
Summary
libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:libsndfile_project:libsndfile:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "libsndfile", "vendor": "libsndfile_project", "versions": [ { "lessThanOrEqual": "1.2.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-50613", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-30T19:10:56.308222Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "CWE-617 Reachable Assertion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-30T19:13:18.634Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-27T22:01:00.425668", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/libsndfile/libsndfile/issues/1034" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-50613", "datePublished": "2024-10-27T00:00:00", "dateReserved": "2024-10-27T00:00:00", "dateUpdated": "2024-10-30T19:13:18.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-4156
Vulnerability from cvelistv5
Published
2022-03-23 00:00
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | libsndfile |
Version: libsndfile 1.1.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027690" }, { "tags": [ "x_transferred" ], "url": "https://github.com/libsndfile/libsndfile/pull/732/commits/4c30646abf7834e406f7e2429c70bc254e18beab" }, { "tags": [ "x_transferred" ], "url": "https://github.com/libsndfile/libsndfile/issues/731" }, { "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3058-1] libsndfile security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00020.html" }, { "name": "[debian-lts-announce] 20220929 [SECURITY] [DLA 3126-1] libsndfile security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00036.html" }, { "name": "GLSA-202309-11", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-11" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libsndfile", "vendor": "n/a", "versions": [ { "status": "affected", "version": "libsndfile 1.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds read flaw was found in libsndfile\u0027s FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-29T12:06:18.959269", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027690" }, { "url": "https://github.com/libsndfile/libsndfile/pull/732/commits/4c30646abf7834e406f7e2429c70bc254e18beab" }, { "url": "https://github.com/libsndfile/libsndfile/issues/731" }, { "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3058-1] libsndfile security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00020.html" }, { "name": "[debian-lts-announce] 20220929 [SECURITY] [DLA 3126-1] libsndfile security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00036.html" }, { "name": "GLSA-202309-11", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-11" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-4156", "datePublished": "2022-03-23T00:00:00", "dateReserved": "2021-12-22T00:00:00", "dateUpdated": "2024-08-03T17:16:04.230Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-14245
Vulnerability from cvelistv5
Published
2017-09-21 13:00
Modified
2024-08-05 19:20
Severity ?
EPSS score ?
Summary
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
References
▼ | URL | Tags |
---|---|---|
https://github.com/erikd/libsndfile/issues/317 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | mailing-list, x_refsource_MLIST | |
https://usn.ubuntu.com/4013-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://security.gentoo.org/glsa/202007-65 | vendor-advisory, x_refsource_GENTOO | |
https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:20:41.319Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/issues/317" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "GLSA-202007-65", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202007-65" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-21T00:00:00", "descriptions": [ { "lang": "en", "value": "An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-29T18:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/erikd/libsndfile/issues/317" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "GLSA-202007-65", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202007-65" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14245", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/erikd/libsndfile/issues/317", "refsource": "MISC", "url": "https://github.com/erikd/libsndfile/issues/317" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "USN-4013-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "GLSA-202007-65", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202007-65" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14245", "datePublished": "2017-09-21T13:00:00", "dateReserved": "2017-09-10T00:00:00", "dateUpdated": "2024-08-05T19:20:41.319Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-8363
Vulnerability from cvelistv5
Published
2017-04-30 19:00
Modified
2024-08-05 16:34
Severity ?
EPSS score ?
Summary
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.
References
▼ | URL | Tags |
---|---|---|
https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/ | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/201811-23 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:34:22.698Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "GLSA-201811-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201811-23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-04-30T00:00:00", "descriptions": [ { "lang": "en", "value": "The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-26T10:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "GLSA-201811-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201811-23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8363", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/", "refsource": "MISC", "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "GLSA-201811-23", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201811-23" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-8363", "datePublished": "2017-04-30T19:00:00", "dateReserved": "2017-04-30T00:00:00", "dateUpdated": "2024-08-05T16:34:22.698Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9496
Vulnerability from cvelistv5
Published
2015-01-16 16:00
Modified
2024-08-06 13:47
Severity ?
EPSS score ?
Summary
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/71796 | vdb-entry, x_refsource_BID | |
https://github.com/erikd/libsndfile/issues/93 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2015-01/msg00016.html | vendor-advisory, x_refsource_SUSE | |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:024 | vendor-advisory, x_refsource_MANDRIVA | |
https://github.com/erikd/libsndfile/commit/dbe14f00030af5d3577f4cabbf9861db59e9c378 | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-2832-1 | vendor-advisory, x_refsource_UBUNTU | |
http://secunia.com/advisories/62320 | third-party-advisory, x_refsource_SECUNIA | |
https://security.gentoo.org/glsa/201612-03 | vendor-advisory, x_refsource_GENTOO | |
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html | x_refsource_CONFIRM | |
http://advisories.mageia.org/MGASA-2015-0015.html | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2015/01/04/4 | mailing-list, x_refsource_MLIST | |
https://seclists.org/bugtraq/2019/Apr/23 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:47:41.413Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "71796", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/71796" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/issues/93" }, { "name": "openSUSE-SU-2015:0041", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00016.html" }, { "name": "MDVSA-2015:024", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:024" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/commit/dbe14f00030af5d3577f4cabbf9861db59e9c378" }, { "name": "USN-2832-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2832-1" }, { "name": "62320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/62320" }, { "name": "GLSA-201612-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201612-03" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2015-0015.html" }, { "name": "[oss-security] 20150103 Re: Re: CVE Request: libsndfile buffer overread", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/01/04/4" }, { "name": "20190411 [SECURITY] [DSA 4430-1] wpa security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Apr/23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-22T00:00:00", "descriptions": [ { "lang": "en", "value": "The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-11T12:06:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "71796", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/71796" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/erikd/libsndfile/issues/93" }, { "name": "openSUSE-SU-2015:0041", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00016.html" }, { "name": "MDVSA-2015:024", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:024" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/erikd/libsndfile/commit/dbe14f00030af5d3577f4cabbf9861db59e9c378" }, { "name": "USN-2832-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2832-1" }, { "name": "62320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/62320" }, { "name": "GLSA-201612-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201612-03" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2015-0015.html" }, { "name": "[oss-security] 20150103 Re: Re: CVE Request: libsndfile buffer overread", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/01/04/4" }, { "name": "20190411 [SECURITY] [DSA 4430-1] wpa security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Apr/23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9496", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "71796", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71796" }, { "name": "https://github.com/erikd/libsndfile/issues/93", "refsource": "CONFIRM", "url": "https://github.com/erikd/libsndfile/issues/93" }, { "name": "openSUSE-SU-2015:0041", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00016.html" }, { "name": "MDVSA-2015:024", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:024" }, { "name": "https://github.com/erikd/libsndfile/commit/dbe14f00030af5d3577f4cabbf9861db59e9c378", "refsource": "CONFIRM", "url": "https://github.com/erikd/libsndfile/commit/dbe14f00030af5d3577f4cabbf9861db59e9c378" }, { "name": "USN-2832-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2832-1" }, { "name": "62320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62320" }, { "name": "GLSA-201612-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201612-03" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "http://advisories.mageia.org/MGASA-2015-0015.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2015-0015.html" }, { "name": "[oss-security] 20150103 Re: Re: CVE Request: libsndfile buffer overread", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/01/04/4" }, { "name": "20190411 [SECURITY] [DSA 4430-1] wpa security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Apr/23" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9496", "datePublished": "2015-01-16T16:00:00", "dateReserved": "2015-01-03T00:00:00", "dateUpdated": "2024-08-06T13:47:41.413Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-33064
Vulnerability from cvelistv5
Published
2023-07-18 00:00
Modified
2024-10-28 18:23
Severity ?
EPSS score ?
Summary
An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:01:18.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/libsndfile/libsndfile/issues/832" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-33064", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-28T18:23:45.636167Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-28T18:23:53.758Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-18T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/libsndfile/libsndfile/issues/832" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-33064", "datePublished": "2023-07-18T00:00:00", "dateReserved": "2022-06-13T00:00:00", "dateUpdated": "2024-10-28T18:23:53.758Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7586
Vulnerability from cvelistv5
Published
2017-04-07 20:00
Modified
2024-08-05 16:04
Severity ?
EPSS score ?
Summary
In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
References
▼ | URL | Tags |
---|---|---|
https://github.com/erikd/libsndfile/commit/708e996c87c5fae77b104ccfeb8f6db784c32074 | x_refsource_CONFIRM | |
http://www.mega-nerd.com/libsndfile/#History | x_refsource_CONFIRM | |
http://www.mega-nerd.com/libsndfile/NEWS | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201707-04 | vendor-advisory, x_refsource_GENTOO | |
https://github.com/erikd/libsndfile/commit/f457b7b5ecfe91697ed01cfc825772c4d8de1236 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97522 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:04:11.873Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/commit/708e996c87c5fae77b104ccfeb8f6db784c32074" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mega-nerd.com/libsndfile/#History" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mega-nerd.com/libsndfile/NEWS" }, { "name": "GLSA-201707-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201707-04" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/commit/f457b7b5ecfe91697ed01cfc825772c4d8de1236" }, { "name": "97522", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97522" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-04-07T00:00:00", "descriptions": [ { "lang": "en", "value": "In libsndfile before 1.0.28, an error in the \"header_read()\" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/erikd/libsndfile/commit/708e996c87c5fae77b104ccfeb8f6db784c32074" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mega-nerd.com/libsndfile/#History" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mega-nerd.com/libsndfile/NEWS" }, { "name": "GLSA-201707-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201707-04" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/erikd/libsndfile/commit/f457b7b5ecfe91697ed01cfc825772c4d8de1236" }, { "name": "97522", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97522" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7586", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In libsndfile before 1.0.28, an error in the \"header_read()\" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/erikd/libsndfile/commit/708e996c87c5fae77b104ccfeb8f6db784c32074", "refsource": "CONFIRM", "url": "https://github.com/erikd/libsndfile/commit/708e996c87c5fae77b104ccfeb8f6db784c32074" }, { "name": "http://www.mega-nerd.com/libsndfile/#History", "refsource": "CONFIRM", "url": "http://www.mega-nerd.com/libsndfile/#History" }, { "name": "http://www.mega-nerd.com/libsndfile/NEWS", "refsource": "CONFIRM", "url": "http://www.mega-nerd.com/libsndfile/NEWS" }, { "name": "GLSA-201707-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201707-04" }, { "name": "https://github.com/erikd/libsndfile/commit/f457b7b5ecfe91697ed01cfc825772c4d8de1236", "refsource": "CONFIRM", "url": "https://github.com/erikd/libsndfile/commit/f457b7b5ecfe91697ed01cfc825772c4d8de1236" }, { "name": "97522", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97522" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7586", "datePublished": "2017-04-07T20:00:00", "dateReserved": "2017-04-07T00:00:00", "dateUpdated": "2024-08-05T16:04:11.873Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3832
Vulnerability from cvelistv5
Published
2019-03-20 20:00
Modified
2024-08-04 19:19
Severity ?
EPSS score ?
Summary
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3832 | x_refsource_CONFIRM | |
https://github.com/erikd/libsndfile/issues/456 | x_refsource_CONFIRM | |
https://github.com/erikd/libsndfile/pull/460 | x_refsource_CONFIRM | |
https://usn.ubuntu.com/4013-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://security.gentoo.org/glsa/202007-65 | vendor-advisory, x_refsource_GENTOO | |
https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | [UNKNOWN] | libsndfile |
Version: NA |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:19:18.550Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3832" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/issues/456" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/pull/460" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "GLSA-202007-65", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202007-65" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libsndfile", "vendor": "[UNKNOWN]", "versions": [ { "status": "affected", "version": "NA" } ] } ], "datePublic": "2019-02-07T00:00:00", "descriptions": [ { "lang": "en", "value": "It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-29T18:06:17", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3832" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/erikd/libsndfile/issues/456" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/erikd/libsndfile/pull/460" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "GLSA-202007-65", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202007-65" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3832", "datePublished": "2019-03-20T20:00:27", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:19:18.550Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-13139
Vulnerability from cvelistv5
Published
2018-07-04 14:00
Modified
2024-08-05 08:52
Severity ?
EPSS score ?
Summary
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.
References
▼ | URL | Tags |
---|---|---|
https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | mailing-list, x_refsource_MLIST | |
https://github.com/erikd/libsndfile/issues/397 | x_refsource_MISC | |
https://security.gentoo.org/glsa/201811-23 | vendor-advisory, x_refsource_GENTOO | |
https://usn.ubuntu.com/4013-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:52:50.551Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/issues/397" }, { "name": "GLSA-201811-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201811-23" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4013-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-04T00:00:00", "descriptions": [ { "lang": "en", "value": "A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-10T16:06:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/erikd/libsndfile/issues/397" }, { "name": "GLSA-201811-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201811-23" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4013-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-13139", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "https://github.com/erikd/libsndfile/issues/397", "refsource": "MISC", "url": "https://github.com/erikd/libsndfile/issues/397" }, { "name": "GLSA-201811-23", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201811-23" }, { "name": "USN-4013-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4013-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-13139", "datePublished": "2018-07-04T14:00:00", "dateReserved": "2018-07-04T00:00:00", "dateUpdated": "2024-08-05T08:52:50.551Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3246
Vulnerability from cvelistv5
Published
2021-07-20 00:00
Modified
2024-08-03 16:53
Severity ?
EPSS score ?
Summary
A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:53:16.366Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/libsndfile/libsndfile/issues/687" }, { "name": "[debian-lts-announce] 20210729 [SECURITY] [DLA 2722-1] libsndfile security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00024.html" }, { "name": "DSA-4947", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4947" }, { "name": "FEDORA-2021-8fef82e363", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7LNW4AVDVL3BU3N3KGVFLTYFASBVCIF/" }, { "name": "FEDORA-2021-e2dc109b4c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUDCEMMPRA3IYYYHVZUOUZXI65FU37V/" }, { "name": "GLSA-202309-11", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-11" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-29T12:06:20.711855", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/libsndfile/libsndfile/issues/687" }, { "name": "[debian-lts-announce] 20210729 [SECURITY] [DLA 2722-1] libsndfile security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00024.html" }, { "name": "DSA-4947", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2021/dsa-4947" }, { "name": "FEDORA-2021-8fef82e363", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7LNW4AVDVL3BU3N3KGVFLTYFASBVCIF/" }, { "name": "FEDORA-2021-e2dc109b4c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUDCEMMPRA3IYYYHVZUOUZXI65FU37V/" }, { "name": "GLSA-202309-11", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-11" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-3246", "datePublished": "2021-07-20T00:00:00", "dateReserved": "2021-01-22T00:00:00", "dateUpdated": "2024-08-03T16:53:16.366Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-19661
Vulnerability from cvelistv5
Published
2018-11-29 07:00
Modified
2024-08-05 11:44
Severity ?
EPSS score ?
Summary
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service.
References
▼ | URL | Tags |
---|---|---|
https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | mailing-list, x_refsource_MLIST | |
https://github.com/erikd/libsndfile/issues/429 | x_refsource_MISC | |
https://usn.ubuntu.com/4013-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:44:19.603Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/erikd/libsndfile/issues/429" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-29T18:06:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/erikd/libsndfile/issues/429" }, { "name": "USN-4013-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19661", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "https://github.com/erikd/libsndfile/issues/429", "refsource": "MISC", "url": "https://github.com/erikd/libsndfile/issues/429" }, { "name": "USN-4013-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4013-1/" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19661", "datePublished": "2018-11-29T07:00:00", "dateReserved": "2018-11-29T00:00:00", "dateUpdated": "2024-08-05T11:44:19.603Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-8362
Vulnerability from cvelistv5
Published
2017-04-30 19:00
Modified
2024-08-05 16:34
Severity ?
EPSS score ?
Summary
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.
References
▼ | URL | Tags |
---|---|---|
https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/ | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/201811-23 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:34:22.659Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "GLSA-201811-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201811-23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-04-30T00:00:00", "descriptions": [ { "lang": "en", "value": "The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-26T10:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "GLSA-201811-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201811-23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8362", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/", "refsource": "MISC", "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/" }, { "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" }, { "name": "GLSA-201811-23", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201811-23" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-8362", "datePublished": "2017-04-30T19:00:00", "dateReserved": "2017-04-30T00:00:00", "dateUpdated": "2024-08-05T16:34:22.659Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }