libsndfile

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A C library for reading and writing files containing sampled audio data
Version 1.0.31-1 [extra]

Open

Group Affected Fixed Severity Status Ticket
AVG-2185 1.0.31-1 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2021-3246 AVG-2185 Medium Yes Arbitrary code execution
A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile before version 1.1.0 allows attackers to execute arbitrary code via a crafted WAV file.

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1549 1.0.28-3 1.0.31-1 Medium Fixed FS#57434
Issue Group Severity Remote Type Description
CVE-2019-3832 AVG-1549 Medium No Information disclosure
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header()...
CVE-2018-19758 AVG-1549 Medium No Information disclosure
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
CVE-2018-19662 AVG-1549 Medium No Information disclosure
An issue was discovered in libsndfile 1.0.28. There is a buffer over- read in the function i2alaw_array in alaw.c that will lead to a denial of service.
CVE-2018-19661 AVG-1549 Medium No Information disclosure
An issue was discovered in libsndfile 1.0.28. There is a buffer over- read in the function i2ulaw_array in ulaw.c that will lead to a denial of service.
CVE-2018-19432 AVG-1549 Low No Denial of service
An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.
CVE-2018-13139 AVG-1549 Medium No Arbitrary code execution
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or...
CVE-2017-14634 AVG-1549 Low No Denial of service
In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.
CVE-2017-14246 AVG-1549 Medium No Information disclosure
An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to...
CVE-2017-14245 AVG-1549 Medium No Information disclosure
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to...
CVE-2017-12562 AVG-1549 Medium No Information disclosure
A heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of...
CVE-2017-8365 AVG-1549 Low No Denial of service
The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a...
CVE-2017-8363 AVG-1549 Low No Denial of service
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over- read and...
CVE-2017-8362 AVG-1549 Low No Denial of service
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a...
CVE-2017-8361 AVG-1549 Medium No Information disclosure
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or...
CVE-2017-6892 AVG-1549 Medium No Information disclosure
In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a...