VuXML ID | Description |
086c96cd-d0cb-11ea-b922-5404a68ad561 | libsndfile -- out-of-bounds read memory access
RedHat reports:
It was discovered the fix for CVE-2018-19758 was not complete and
still allows a read beyond the limits of a buffer in
wav_write_header() function in wav.c. A local attacker may use
this flaw to make the application crash.
Discovery 2019-02-14 Entry 2020-07-28 libsndfile
< 1.0.29.p.20200620
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3832
|
5a97805e-93ef-4dcb-8d5e-dbcac263bfc2 | libsndfile -- multiple vulnerabilities
NVD reports:
In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to
cause a stack-based buffer overflow via a specially crafted
FLAC file.
In libsndfile before 1.0.28, an error in the
"header_read()" function (common.c) when handling ID3 tags
can be exploited to cause a stack-based buffer overflow
via a specially crafted FLAC file.
In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to
cause a segmentation violation (with write memory access)
via a specially crafted FLAC file during a resample
attempt, a similar issue to CVE-2017-7585.
In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to
cause a segmentation violation (with read memory access)
via a specially crafted FLAC file during a resample
attempt, a similar issue to CVE-2017-7585.
Discovery 2017-04-07 Entry 2017-04-20 libsndfile
linux-c6-libsndfile
linux-c7-libsndfile
< 1.0.28_2
CVE-2017-7585
CVE-2017-7586
CVE-2017-7741
CVE-2017-7742
https://github.com/erikd/libsndfile/commit/60b234301adf
https://github.com/erikd/libsndfile/commit/708e996c87c5
https://github.com/erikd/libsndfile/commit/f457b7b5ecfe
https://github.com/erikd/libsndfile/commit/60b234301adf
|
b9f3ffa3-dd6c-11e0-b7fc-000a5e1e33c6 | libsndfile -- PAF file processing integer overflow
Secunia reports:
Hossein Lotfi has discovered a vulnerability in libsndfile,
which can be exploited by malicious people to potentially
compromise an application using the library. The vulnerability
is caused due to an integer overflow error in the "paf24_init()"
function (src/paf.c) when processing Paris Audio (PAF) files.
This can be exploited to cause a heap-based buffer overflow via
a specially crafted file. Successful exploitation may allow
execution of arbitrary code. The vulnerability is confirmed in
version 1.0.24. Other versions may also be affected.
Discovery 2011-07-12 Entry 2011-09-12 libsndfile
< 1.0.25
CVE-2011-2696
http://secunia.com/advisories/45125/
|
2b386075-1d9c-11e8-b6aa-4ccc6adda413 | libsndfile -- multiple vulnerabilities
Agostino Sarubbo, Gentoo reports:
CVE-2017-8361 (Medium): The flac_buffer_copy function in flac.c in
libsndfile 1.0.28 allows remote attackers to cause a denial of service
(buffer overflow and application crash) or possibly have unspecified
other impact via a crafted audio file.
CVE-2017-8362 (Medium): The flac_buffer_copy function in flac.c in
libsndfile 1.0.28 allows remote attackers to cause a denial of service
(invalid read and application crash) via a crafted audio file.
CVE-2017-8363 (Medium): The flac_buffer_copy function in flac.c in
libsndfile 1.0.28 allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) via a crafted audio
file.
CVE-2017-8365 (Medium): The i2les_array function in pcm.c in libsndfile
1.0.28 allows remote attackers to cause a denial of service (buffer
over-read and application crash) via a crafted audio file.
manxorist on Github reports:
CVE-2017-12562 (High): Heap-based Buffer Overflow in the
psf_binheader_writef function in common.c in libsndfile through
1.0.28 allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact.
Xin-Jiang on Github reports:
CVE-2017-14634 (Medium): In libsndfile 1.0.28, a divide-by-zero
error exists in the function double64_init() in double64.c, which
may lead to DoS when playing a crafted audio file.
Discovery 2017-04-12 Entry 2018-03-01 libsndfile
linux-c6-libsndfile
linux-c7-libsndfile
< 1.0.28_2
CVE-2017-8361
https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/
https://github.com/erikd/libsndfile/issues/232
https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
CVE-2017-8362
https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/
https://github.com/erikd/libsndfile/issues/231
https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808
CVE-2017-8363
https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/
https://github.com/erikd/libsndfile/issues/233
https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
https://github.com/erikd/libsndfile/commit/cd7da8dbf6ee4310d21d9e44b385d6797160d9e8
CVE-2017-8365
https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/
https://github.com/erikd/libsndfile/issues/230
https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
CVE-2017-12562
https://github.com/erikd/libsndfile/issues/292/
https://github.com/erikd/libsndfile/commit/cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8
CVE-2017-14634
https://github.com/erikd/libsndfile/issues/318
https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788
|
30704aba-1da4-11e8-b6aa-4ccc6adda413 | libsndfile -- out-of-bounds reads
Xin-Jiang on Github reports:
CVE-2017-14245 (Medium): An out of bounds read in the function
d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote
DoS attack or information disclosure, related to mishandling of
the NAN and INFINITY floating-point values.
CVE-2017-14246 (Medium): An out of bounds read in the function
d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote
DoS attack or information disclosure, related to mishandling of the
NAN and INFINITY floating-point values.
my123px on Github reports:
CVE-2017-17456 (Medium): The function d2alaw_array() in alaw.c of
libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown
address 0x000000000000), a different vulnerability than CVE-2017-14245.
CVE-2017-17457 (Medium): The function d2ulaw_array() in ulaw.c of
libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown
address 0x000000000000), a different vulnerability than CVE-2017-14246.
Discovery 2017-09-11 Entry 2018-03-01 libsndfile
linux-c6-libsndfile
linux-c7-libsndfile
< 1.0.28_2
CVE-2017-14245
CVE-2017-14246
https://github.com/erikd/libsndfile/issues/317
CVE-2017-17456
CVE-2017-17457
https://github.com/erikd/libsndfile/issues/344
|
004debf9-1d16-11e8-b6aa-4ccc6adda413 | libsndfile -- out-of-bounds read memory access
Laurent Delosieres, Secunia Research at Flexera Software reports:
Secunia Research has discovered a vulnerability in libsndfile, which can be
exploited by malicious people to disclose potentially sensitive information.
The vulnerability is caused due to an error in the "aiff_read_chanmap()" function
(src/aiff.c), which can be exploited to cause an out-of-bounds read memory access
via a specially crafted AIFF file. The vulnerability is confirmed in version 1.0.28.
Other versions may also be affected.
Discovery 2017-05-23 Entry 2018-03-01 libsndfile
linux-c6-libsndfile
linux-c7-libsndfile
< 1.0.28_2
CVE-2017-6892
https://nvd.nist.gov/vuln/detail/CVE-2017-6892
https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/
https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748
|