CVE-2021-3246 log

Source
Severity Medium
Remote Yes
Type Arbitrary code execution
Description
A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile before version 1.1.0 allows attackers to execute arbitrary code via a crafted WAV file.
Group Package Affected Fixed Severity Status Ticket
AVG-2186 lib32-libsndfile 1.0.31-1 Medium Vulnerable
AVG-2185 libsndfile 1.0.31-1 Medium Vulnerable
References
https://github.com/libsndfile/libsndfile/issues/687
https://oss-fuzz.com/testcase-detail/5696502087024640
https://github.com/libsndfile/libsndfile/pull/707
https://github.com/libsndfile/libsndfile/commit/9e0e55f8bfa60bddca083ff85699f855c91c42e7