rpm package
opensuse/libsndfile-progs&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libsndfile-progs&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-9756 | — | < 1.0.26-2.4 | 1.0.26-2.4 | Nov 19, 2015 | The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable. | ||
| CVE-2015-7805 | — | < 1.0.26-2.4 | 1.0.26-2.4 | Nov 17, 2015 | Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file. | ||
| CVE-2014-9496 | — | < 1.0.26-2.4 | 1.0.26-2.4 | Jan 16, 2015 | The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. | ||
| CVE-2011-2696 | — | < 1.0.26-2.4 | 1.0.26-2.4 | Jul 27, 2011 | Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow. | ||
| CVE-2009-0186 | — | < 1.0.26-2.4 | 1.0.26-2.4 | Mar 5, 2009 | Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow. |
- CVE-2014-9756Nov 19, 2015affected < 1.0.26-2.4fixed 1.0.26-2.4
The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.
- CVE-2015-7805Nov 17, 2015affected < 1.0.26-2.4fixed 1.0.26-2.4
Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.
- CVE-2014-9496Jan 16, 2015affected < 1.0.26-2.4fixed 1.0.26-2.4
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
- CVE-2011-2696Jul 27, 2011affected < 1.0.26-2.4fixed 1.0.26-2.4
Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow.
- CVE-2009-0186Mar 5, 2009affected < 1.0.26-2.4fixed 1.0.26-2.4
Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.