Lucene search
K
Libsndfile ProjectLibsndfile

32 matches found

CVE
CVE
added 2018/07/04 2:0 p.m.463 views

CVE-2018-13139

CVE-2018-13139 describes a stack-based buffer overflow in the psf_memset function of common.c in libsndfile 1.0.28. The vulnerability can be triggered by the sndfile-deinterleave executable and may allow a remote attacker to cause a denial of service (application crash) or possibly other impact v...

8.8CVSS7.3AI score0.03574EPSS
CVE
CVE
added 2018/11/29 7:0 a.m.371 views

CVE-2018-19662

CVE-2018-19662 affects the libsndfile library (version 1.0.28) with a buffer over-read in the i2alaw_array function in alaw.c, leading to denial of service. Connected advisories confirm an upgraded/updated libsndfile release resolves the issue (e.g., enterprise/Linux distro advisories; Debian/Red...

8.1CVSS6.2AI score0.02312EPSS
CVE
CVE
added 2021/07/20 12:0 a.m.364 views

CVE-2021-3246

CVE-2021-3246 describes a heap buffer overflow in libsndfile’s msadpcm_decode_block (v1.0.30) that can allow arbitrary code execution through a crafted WAV file. Multiple connected advisories confirm the vulnerable component and affected library (libsndfile) and show vendor advisories for various...

8.8CVSS8.9AI score0.03292EPSS
CVE
CVE
added 2022/03/23 12:0 a.m.355 views

CVE-2021-4156

CVE-2021-4156 affects libsndfile’s FLAC codec, with an out-of-bounds read that can crash an application and potentially leak memory. Multiple advisories confirm vulnerable versions and fix versions across distributions: Debian LTS fixes in 1.0.28-6+deb10u2; Amazon Linux 2023 updates to 1.0.31-6.a...

7.1CVSS6.5AI score0.01754EPSS
CVE
CVE
added 2018/11/22 5:0 a.m.278 views

CVE-2018-19432

CVE-2018-19432 affects the libsndfile project, specifically version 1.0.28. The root cause is a NULL pointer dereference in the function sf_write_int (sndfile.c) , which can lead to a denial of service . Connected sources corroborate this issue and describe the same NULL dereference and its impac...

6.5CVSS6AI score0.02956EPSS
CVE
CVE
added 2017/06/12 4:0 p.m.273 views

CVE-2017-6892

CVE-2017-6892 affects libsndfile 1.0.28, with an out-of-bounds read in aiff_read_chanmap() (aiff.c) triggered by a specially crafted AIFF file. Several advisories confirm a patched release is available; vendors (Debian, Gentoo, Mageia, Fedora, etc.) require upgrading libsndfile to include the fix...

8.8CVSS6.3AI score0.02485EPSS
CVE
CVE
added 2018/11/30 3:0 a.m.237 views

CVE-2018-19758

CVE-2018-19758 affects libsndfile 1.0.28 with a heap-based buffer over-read in wav.c: wav_write_header, leading to denial of service. Multiple advisories indicate a fix is available via upgraded libsndfile packages (examples: Debian/ Mageia advisories citing updates to address this issue; Mariner...

6.5CVSS5.9AI score0.01689EPSS
CVE
CVE
added 2017/08/05 5:0 p.m.201 views

CVE-2017-12562

CVE-2017-12562 affects libsndfile, specifically the psf_binheader_writef function in common.c, with a heap-based buffer overflow that can be exploited remotely to crash the application or cause other impacts. Reported as affecting libsndfile up to version 1.0.28 (and related package entries acros...

9.8CVSS9.6AI score0.03978EPSS
CVE
CVE
added 2017/09/21 1:0 p.m.162 views

CVE-2017-14245

CVE-2017-14245 affects libsndfile 1.0.28, with an out-of-bounds read in d2alaw_array() and d2ulaw_array() (ulaw.c/alaw.c). The flaw arises from mishandling NAN/INFINITY floating-point values, enabling remote denial of service or information disclosure via crafted audio files. Several connected ad...

8.1CVSS6.2AI score0.02043EPSS
CVE
CVE
added 2018/11/29 7:0 a.m.161 views

CVE-2018-19661

CVE-2018-19661 affects libsndfile 1.0.28 with a buffer over-read in i2ulaw_array (ulaw.c) that can cause denial of service. Connected Nessus entries (RHEL, Oracle, TencentOS advisories) confirm the vulnerability occurrence in libsndfile; no patch details are provided in the supplied documents. Re...

6.5CVSS5.8AI score0.02107EPSS
CVE
CVE
added 2017/09/21 1:0 p.m.155 views

CVE-2017-14246

CVE-2017-14246 affects libsndfile 1.0.28, where an out-of-bounds read in the function d2ulaw_array() (ulaw.c) can allow a remote attacker to cause a denial of service or disclose information due to mishandling of NAN/INFINITY. Connected sources confirm the issue is tied to the d2ulaw_array/d2alaw...

8.1CVSS6.2AI score0.02229EPSS
CVE
CVE
added 2017/11/25 5:0 p.m.150 views

CVE-2017-16942

CVE-2017-16942 affects libsndfile up to version 1.0.25; fixed in 1.0.26. The issue is a divide-by-zero in wav_w64_read_fmt_chunk() (wav_w64.c) that may cause a DoS when opening or playing a crafted WAV/W64 file. The vulnerability is triggered during format chunk parsing and can crash the applicat...

6.5CVSS6.3AI score0.0123EPSS
CVE
CVE
added 2019/03/20 8:0 p.m.148 views

CVE-2019-3832

CVE-2019-3832 affects libsndfile (example: 1.0.28-14 in Mariner/Debian). The issue is a read past buffer limits in wav_write_header() due to an incomplete fix for CVE-2018-19758, enabling a local crash. Connected sources consistently reference libsndfile and note that upgrading to a newer libsndf...

5.5CVSS5.9AI score0.0051EPSS
CVE
CVE
added 2023/07/18 12:0 a.m.148 views

CVE-2022-33065

Libsndfile (CVE-2022-33065) has a multi-function integer overflow (in au_read_header and mat4_open/mat4_read_header) that can cause DoS and other unspecified impacts. Affected versions are older Libsndfile releases; Debian/AlmaLinux/Amazon Linux advisories (and CBLMariner) indicate fixes exist in...

7.8CVSS7.4AI score0.00351EPSS
CVE
CVE
added 2017/04/30 7:0 p.m.147 views

CVE-2017-8365

CVE-2017-8365 affects libsndfile 1.0.28 where the i2les_array function in pcm.c can cause a global buffer overflow via a crafted audio file, leading to denial of service (buffer over-read and crash). Connected advisories (Debian, Gentoo, Fedora, Mariner) note a patched release is available and ur...

6.5CVSS6.7AI score0.03423EPSS
CVE
CVE
added 2017/04/30 7:0 p.m.137 views

CVE-2017-8362

CVE-2017-8362 affects libsndfile 1.0.28 (flac_buffer_copy in flac.c). A crafted audio file can trigger an out-of-bounds read, leading to denial of service (invalid read and application crash). Multiple connected advisories corroborate DoS via crafted audio files and urge upgrading libsndfile to a...

6.5CVSS6.7AI score0.03423EPSS
CVE
CVE
added 2017/09/21 7:0 a.m.131 views

CVE-2017-14634

CVE-2017-14634 concerns libsndfile 1.0.28, where the divide-by-zero in double64_init() (double64.c) may cause a Denial of Service when opening a crafted audio file. The issue is documented across multiple advisories and vendors. Impact is a DoS via crafted input; exploit details are not provided ...

6.5CVSS6.3AI score0.02076EPSS
CVE
CVE
added 2017/04/07 8:0 p.m.129 views

CVE-2017-7585

Libsndfile prior to 1.0.28 contains a flaw in flac_buffer_copy() (flac.c) that can be triggered by a specially crafted FLAC file to cause a stack-based buffer overflow. This affects libsndfile versions before 1.0.28; fixes are available by upgrading to 1.0.28 or newer (as noted in Debian/ Gentoo/...

5.5CVSS5.6AI score0.01294EPSS
CVE
CVE
added 2017/04/30 7:0 p.m.127 views

CVE-2017-8363

CVE-2017-8363 affects libsndfile 1.0.28, where the flac_buffer_copy function (flac.c) is vulnerable to a heap-based out-of-bounds read via a crafted audio file, causing denial of service. Documented in multiple advisories; impact is a crash/DoS. Affected packages include libsndfile and various OS...

6.5CVSS6.8AI score0.03347EPSS
CVE
CVE
added 2017/04/30 7:0 p.m.126 views

CVE-2017-8361

The CVE-2017-8361 issue affects libsndfile 1.0.28 and is caused by a flaw in the flac_buffer_copy function (flac.c), enabling a crafted audio file to trigger a denial of service via a buffer overflow. The vulnerability is exploitable remotely and could crash the application; some reports mention ...

8.8CVSS8.8AI score0.03902EPSS
CVE
CVE
added 2017/04/12 6:0 p.m.122 views

CVE-2017-7742

CVE-2017-7742 affects libsndfile prior to 1.0.28. The issue lies in the flac_buffer_copy() function (flac.c), allowing a specially crafted FLAC file to trigger a segmentation fault via a resample operation (read access). This is the same class of issue as CVE-2017-7585. Public references note the...

5.5CVSS5.4AI score0.01388EPSS
CVE
CVE
added 2015/01/16 4:0 p.m.118 views

CVE-2014-9496

CVE-2014-9496 affects libsndfile: the sd2_parse_rsrc_fork function in sd2.c can trigger an out-of-bounds read via an (1) map offset or (2) rsrc marker. Multiple connected advisories confirm this vulnerability in libsndfile and list out-of-bounds reads as the impact. The condition is tied to the s...

2.1CVSS6.4AI score0.00586EPSS
CVE
CVE
added 2024/10/27 12:0 a.m.118 views

CVE-2024-50612

CVE-2024-50612 affects libsndfile up to 1.2.2, with an out-of-bounds read in ogg_vorbis.c vorbis_analysis_wrote() that can lead to memory corruption when parsing crafted input. Public advisories across distributions confirm remediation by upgrading to newer libsndfile packages (e.g., Debian 1.0.3...

5.5CVSS6.9AI score0.00308EPSS
CVE
CVE
added 2017/04/12 6:0 p.m.115 views

CVE-2017-7741

CVE-2017-7741 affects libsndfile prior to 1.0.28. The flaw is in flac_buffer_copy() (flac.c) and can cause a segmentation fault with write memory access during a resample of a specially crafted FLAC file, similar to CVE-2017-7585. Connected sources confirm the vulnerability in libsndfile and reco...

5.5CVSS5.5AI score0.01188EPSS
CVE
CVE
added 2017/04/07 8:0 p.m.89 views

CVE-2017-7586

Libsndfile has a confirmed vulnerability CVE-2017-7586 affecting the header_read() path (common.c) when parsing ID3 tags in FLAC files, with a stack-based buffer overflow risk. Affected versions include libsndfile up to 1.0.28; multiple connected advisories reference this issue and track upgrades...

5.5CVSS5.6AI score0.01243EPSS
CVE
CVE
added 2015/11/19 8:0 p.m.88 views

CVE-2014-9756

CVE-2014-9756 affects libsndfile, where the psf_fwrite function in file_io.c can trigger a divide-by-zero error via the headindex variable, leading to a denial of service (application crash). The available connected sources confirm the vulnerable component and nature of the issue but do not provi...

5CVSS6.2AI score0.02859EPSS
CVE
CVE
added 2024/10/27 12:0 a.m.73 views

CVE-2024-50613

CVE-2024-50613 affects libsndfile up to version 1.2.2, where a reachable assertion in mpeg_l3_encode.c:mpeg_l3_encoder_close can cause an application exit. Multiple sources (NVD entry) confirm the vulnerable component and impact (availability impact, CVSS v3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H...

6.5CVSS6.9AI score0.00513EPSS
CVE
CVE
added 2023/07/18 12:0 a.m.69 views

CVE-2022-33064

CVE-2022-33064 stems from an off-by-one error in function wav_read_header in src/wav.c of Libsndfile 1.1.0, causing a write-out-of-bounds condition. Multiple sources (NVD entry and vendor advisories) describe this vulnerability as enabling arbitrary code execution, Denial of Service, or other uns...

7.8CVSS7.7AI score0.00314EPSS
CVE
CVE
added 2018/07/07 5:0 p.m.55 views

CVE-2018-13419

CVE-2018-13419 affects the Libsndfile library version 1.0.28, with a reported memory leak in the function psf_allocate in common.c (as shown by sndfile-convert). The issue has been repeatedly noted as difficult to reproduce by maintainers, and several sources indicate the issue was closed or disp...

6.5CVSS6.3AI score0.01267EPSS
CVE
CVE
added 2025/08/21 12:0 a.m.52 views

CVE-2025-52194

CVE-2025-52194 affects libsndfile (v1.2.2 and potentially earlier) with a buffer overflow in ircam_read_header (src/ircam.c:164) during IRCAM audio file sample-rate processing. This causes memory corruption and can lead to code execution. Connected sources corroborate the same vulnerability descr...

7.5CVSS8AI score0.00585EPSS
CVE
CVE
added 2026/04/29 12:0 a.m.31 views

CVE-2026-37555

The CVE-2026-37555 entry describes a vulnerability in libsndfile 1.2.2’s IMA ADPCM codec. The AIFF path was fixed via a (sf_count_t) cast, but the WAV and close paths remain vulnerable. When samplesperblock (int) * blocks (int) exceeds INT_MAX, a 32-bit multiplication overflows before assignment ...

8.2CVSS5.8AI score0.00504EPSS
CVE
CVE
added 2026/01/14 12:0 a.m.13 views

CVE-2025-56226

CVE-2025-56226 affects the library libsndfile version

5.3CVSS6.5AI score0.00312EPSS