
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Oct 2024 — libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read. A flaw was found in the libsndfile package. A specially crafted input file may trigger an out-of-bounds read, leading to memory corruption and a denial of service. It was discovered that libsndfile incorrectly handled memory when executing its FLAC codec. If a user or automated system were tricked into processing a specially crafted sound file, an attacker could possibly use this issue to cause a denial of service or obta... • https://github.com/libsndfile/libsndfile/issues/1035 • CWE-125: Out-of-bounds Read •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Jul 2023 — An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0 results in an out-of-bounds write, which allows an attacker to execute arbitrary code, cause a denial of service, or have other unspecified impacts. • https://github.com/libsndfile/libsndfile/issues/832 • CWE-193: Off-by-one Error •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Jul 2023 — Multiple signed integer overflows in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile allow an attacker to cause Denial of Service or other unspecified impacts. Libsndfile is vulnerable to integer overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c, which allows an attacker to cause Denial of Service. It was discovered that libsndfile contained multiple arithmetic overflows. If a user or autom... • https://github.com/libsndfile/libsndfile/issues/789 • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.1 • EPSS: 0% • CPEs: 3 • EXPL: 2

23 Mar 2022 — An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. ... • https://bugzilla.redhat.com/show_bug.cgi?id=2027690 • CWE-125: Out-of-bounds Read •

CVSS: 8.8 • EPSS: 1% • CPEs: 5 • EXPL: 1

20 Jul 2021 — A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. A heap buffer overflow flaw was found in libsndfile. This flaw allows an attacker to execute arbitrary code via a crafted WAV file. The highest threat from this vulner... • https://github.com/libsndfile/libsndfile/issues/687 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write •

CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 1

20 Mar 2019 — It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash. ... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3832 • CWE-125: Out-of-bounds Read •

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

30 Nov 2018 — There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. It wa... • https://bugzilla.redhat.com/show_bug.cgi?id=1643812 • CWE-125: Out-of-bounds Read •

CVSS: 6.5 • EPSS: 1% • CPEs: 2 • EXPL: 1

29 Nov 2018 — An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service. It was discovered that libsndfile incorrectly handled certain malformed files. • https://github.com/erikd/libsndfile/issues/429 • CWE-125: Out-of-bounds Read •

CVSS: 8.1 • EPSS: 0% • CPEs: 2 • EXPL: 1

29 Nov 2018 — An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service. libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Issues addressed include a buffer over-read vulnerability. • https://github.com/erikd/libsndfile/issues/429 • CWE-125: Out-of-bounds Read •

CVSS: 6.5 • EPSS: 1% • CPEs: 2 • EXPL: 1

22 Nov 2018 — An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. It was discovered that libsndfile incorrectly handled certain malformed files. • http://www.securityfocus.com/bid/105996 • CWE-476: NULL Pointer Dereference •