VYPR

rpm package

opensuse/libsndfile&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/libsndfile&distro=openSUSE%20Tumbleweed

Vulnerabilities (24)

  • CVE-2014-9496Jan 16, 2015
    affected < 1.0.26-2.4fixed 1.0.26-2.4

    The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.

  • CVE-2011-2696Jul 27, 2011
    affected < 1.0.26-2.4fixed 1.0.26-2.4

    Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow.

  • CVE-2009-0186Mar 5, 2009
    affected < 1.0.26-2.4fixed 1.0.26-2.4

    Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

  • CVE-2007-4974Sep 19, 2007
    affected < 1.0.31-2.2fixed 1.0.31-2.2

    Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.

Page 2 of 2