[SECURITY] [DLA 356-1] libsndfile security update

2015-11-30 13:40:13
lists.debian.org
CVSS2 : 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Access Vector : NETWORK
Access Complexity : MEDIUM
Authentication : NONE
Confidentiality Impact : COMPLETE
Integrity Impact : COMPLETE
Availability Impact : COMPLETE
EPSS : 0.11 Low
Percentile : 95.0%

Package : libsndfile
Version : 1.0.21-3+squeeze2
CVE ID : CVE-2014-9496 CVE-2014-9756 CVE-2015-7805
Debian Bug : 774162 804445 804447

CVE-2014-9496

The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows
attackers to have unspecified impact via vectors related to a (1) map
offset or (2) rsrc marker, which triggers an out-of-bounds read.

CVE-2014-9756

The psf_fwrite function in file_io.c in libsndfile allows attackers to
cause a denial of service (divide-by-zero error and application crash)
via unspecified vectors related to the headindex variable.

CVE-2015-7805

Heap-based buffer overflow in libsndfile 1.0.25 allows remote
attackers to have unspecified impact via the headindex value in the
header in an AIFF file.
