CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score: 7.7 High
AI Score Confidence: Low
CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.11 Low
EPSS Percentile: 95.0%
Software: libsndfile 1.0.25
OS: Cobalt 7.9
CVE-ID: CVE-2014-9756
CVE-Crit: CRITICAL
CVE-DESC: The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (division-by-zero error and application crash) via undefined vectors associated with the headindex variable.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2014-9496
CVE-Crit: CRITICAL
CVE-DESC: The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have undefined impact via vectors associated with (1) a map offset or (2) an rsrc token that triggers an out-of-bounds read.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2015-7805
CVE-Crit: MEDIUM
CVE-DESC: Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have undefined impact via the headindex value in the header of an AIFF file.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2017-16942
CVE-Crit: MEDIUM
CVE-DESC: In libsndfile 1.0.25 (fixed in 1.0.26), a division-by-zero error exists in the wav_w64_read_fmt_chunk() function in wav_w64.c, which may cause a DoS when playing a crafted audio file.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2017-7585
CVE-Crit: MEDIUM
CVE-DESC: In libsndfile before 1.0.28, a bug in the flac_buffer_copy() function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2017-7586
CVE-Crit: MEDIUM
CVE-DESC: In libsndfile before 1.0.28, a bug in the header_read() function (common.c) when processing ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2017-7741
CVE-Crit: MEDIUM
CVE-DESC: In libsndfile before 1.0.28, a bug in the flac_buffer_copy() function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, an issue similar to CVE-2017-7585.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2017-7742
CVE-Crit: MEDIUM
CVE-DESC: In libsndfile before 1.0.28, a bug in the flac_buffer_copy() function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, an issue similar to CVE-2017-7585.
CVE-STATUS: default
CVE-REV: default
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Cobalt | any | noarch | libsndfile | < 1.0.25 | UNKNOWN |