CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Libsndfile Project » Libsndfile : Security Vulnerabilities Published In 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-16942 369 2017-11-25 2019-06-10
4.3
None Remote Medium Not required None None Partial
In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.
2 CVE-2017-14634 369 2017-09-21 2020-10-29
4.3
None Remote Medium Not required None None Partial
In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.
3 CVE-2017-14246 125 2017-09-21 2020-10-29
5.8
None Remote Medium Not required Partial None Partial
An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
4 CVE-2017-14245 125 2017-09-21 2020-10-29
5.8
None Remote Medium Not required Partial None Partial
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
5 CVE-2017-12562 119 DoS Overflow 2017-08-05 2018-12-03
7.5
None Remote Low Not required Partial Partial Partial
Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
6 CVE-2017-8365 125 DoS 2017-04-30 2019-10-03
4.3
None Remote Medium Not required None None Partial
The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.
7 CVE-2017-8363 125 DoS 2017-04-30 2019-10-03
4.3
None Remote Medium Not required None None Partial
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.
8 CVE-2017-8362 125 DoS 2017-04-30 2019-03-04
4.3
None Remote Medium Not required None None Partial
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.
9 CVE-2017-8361 119 DoS Overflow 2017-04-30 2019-03-05
6.8
None Remote Medium Not required Partial Partial Partial
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.
10 CVE-2017-7742 119 Overflow 2017-04-12 2017-07-11
4.3
None Remote Medium Not required None None Partial
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
11 CVE-2017-7741 119 Overflow 2017-04-12 2017-07-11
4.3
None Remote Medium Not required None None Partial
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
12 CVE-2017-7586 119 Overflow 2017-04-07 2017-07-11
4.3
None Remote Medium Not required None None Partial
In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
13 CVE-2017-7585 119 Overflow 2017-04-07 2017-07-11
4.3
None Remote Medium Not required None None Partial
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
14 CVE-2017-6892 119 Overflow 2017-06-12 2020-10-29
6.8
None Remote Medium Not required Partial Partial Partial
In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.
Total number of vulnerabilities : 14   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.