libsndfile: multiple issues

2016-02-06T00:00:00
ID ASA-201602-8
Type archlinux
Reporter Arch Linux
Modified 2016-02-06T00:00:00

Description

  • CVE-2014-9496 (unspecified impact) The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.

  • CVE-2014-9756 (denial of service) The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.

  • CVE-2015-7805 (unspecified impact) Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.