EUVD-2017-2736

Malware in sbrugna...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : SoX regression (USN-5904-2)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5904-2 advisory. USN-5904-1 fixed vulnerabilities in SoX. It was discovered that the fix for CVE-2021-33844 was incomplete. This update fixes t...

Denial Of Service (DoS)

libsox.so is vulnerable to denial of service. The vulnerability exists due to a floating point exception in startread function in wav.c which allows an attacker to send a crafted wav file causing an application crash...

CVE-2021-33844

A floating point exception divide-by-zero issue was discovered in SoX in functon startread of wav.c file. An attacker with a crafted wav file, could cause an application to crash...

CVE-2021-33844

CVE-2021-33844 is a SoX vulnerability: a floating point divide-by-zero in wav.c:startread() can crash an application when processing a crafted WAV file. The connected advisories confirm this issue across multiple distributions and note vulnerable SoX versions. In Amazon Linux 2, the fix is delive...

Security update for libsndfile (critical)

openSUSE Security Update: Security update for libsndfile Announcement ID: openSUSE-SU-2021:1166-1 Rating: critical References: 1100167 1116993 1117954 1188540 Cross-References: CVE-2018-13139 CVE-2018-19432 CVE-2018-19758 CVE-2021-3246 CVSS scores: CVE-2018-13139 NVD : 8.8...

There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.

...

Updated libsndfile packages fix security vulnerability

A heap-based buffer over-read at wav.c in wavwriteheader that could be used for a denial of service attack CVE-2018-19758...

SUSE SLES11 Security Update : libsndfile (SUSE-SU-2019:14008-1)

This update for libsndfile fixes the following issues : Security issues fixed : CVE-2017-17456: Prevent segmentation fault in the function d2alawarray that may have lead to a remote DoS bsc1071777. CVE-2017-17457: Prevent segmentation fault in the function d2ulawarray that may have lead to a remo...

CVE-2019-3832

It was discovered the fix for CVE-2018-19758 libsndfile was not complete and still allows a read beyond the limits of a buffer in wavwriteheader function in wav.c. A local attacker may use this flaw to make the application crash...

CVE-2018-19758

There is a heap-based buffer over-read at wav.c in wavwriteheader in libsndfile 1.0.28 that will cause a denial of service...

ALPINE-CVE-2018-19758

There is a heap-based buffer over-read at wav.c in wavwriteheader in libsndfile 1.0.28 that will cause a denial of service...

CVE-2018-19758

There is a heap-based buffer over-read at wav.c in wavwriteheader in libsndfile 1.0.28 that will cause a denial of service...

CVE-2018-19758

CVE-2018-19758 affects libsndfile 1.0.28 with a heap-based buffer over-read in wav.c: wav_write_header, leading to denial of service. Multiple advisories indicate a fix is available via upgraded libsndfile packages (examples: Debian/ Mageia advisories citing updates to address this issue; Mariner...

CVE-2018-19758

There is a heap-based buffer over-read at wav.c in wavwriteheader in libsndfile 1.0.28 that will cause a denial of service...

CVE-2017-16890

SWFTools 0.9.2 has a divide-by-zero error in the wavconvert2mono function in lib/wav.c because the align value may be zero...

CVE-2017-16890

Removed by vendor...

CVE-2017-16890

SWFTools 0.9.2 is affected by CVE-2017-16890 due to a divide-by-zero in wav_convert2mono (lib/wav.c) when the align value can be zero. The issue is documented across multiple feeds; Debian lists it as removed by vendor, indicating some patch status, while other sources do not confirm a vendor pat...

SWFTools Denial of Service Vulnerability (CNVD-2017-37437)

SWFTools is a utility toolset for working with Adobe Flash files SWF files. A security vulnerability exists in the 'wavconvert2mono' function in the lib/wav.c file in SWFTools version 0.9.2, which stems from the program's failure to properly restrict multiplication in malloc calls. The...

CVE-2017-16868

CVE-2017-16868 affects SWFTools 0.9.2. The vulnerability lies in the wav_convert2mono function (lib/wav.c), where a multiplication within a malloc call is not properly restricted, enabling an attacker to cause a denial of service via a crafted WAV file through integer overflow and NULL pointer de...