Lucene search
UbuntuUSN-525-1HistoryOct 04, 2007 - 12:00 a.m.
libsndfile vulnerability
2007-10-0400:00:00
ubuntu.com
35
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.371
Percentile
97.2%
Releases
- Ubuntu 7.04
- Ubuntu 6.10
- Ubuntu 6.06
Packages
- libsndfile -
Details
Robert Buchholz discovered that libsndfile did not correctly validate the
size of its memory buffers. If a user were tricked into playing a specially
crafted FLAC file, a remote attacker could execute arbitrary code with user
privileges.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 7.04 | noarch | libsndfile1 | < 1.0.16-1ubuntu0.7.04.1 | UNKNOWN |
| Ubuntu | 7.04 | noarch | libsndfile1-dev | < 1.0.16-1ubuntu0.7.04.1 | UNKNOWN |
| Ubuntu | 7.04 | noarch | sndfile-programs | < 1.0.16-1ubuntu0.7.04.1 | UNKNOWN |
| Ubuntu | 6.10 | noarch | libsndfile1 | < 1.0.16-1ubuntu0.6.10.1 | UNKNOWN |
| Ubuntu | 6.10 | noarch | libsndfile1-dev | < 1.0.16-1ubuntu0.6.10.1 | UNKNOWN |
| Ubuntu | 6.10 | noarch | sndfile-programs | < 1.0.16-1ubuntu0.6.10.1 | UNKNOWN |
| Ubuntu | 6.06 | noarch | libsndfile1 | < 1.0.12-3ubuntu1 | UNKNOWN |
| Ubuntu | 6.06 | noarch | libsndfile1-dev | < 1.0.12-3ubuntu1 | UNKNOWN |
| Ubuntu | 6.06 | noarch | sndfile-programs | < 1.0.12-3ubuntu1 | UNKNOWN |
References
Related
openvas
openvas
Fedora Update for libsndfile FEDORA-2007-2236
2009-02-27 00:00:00
Mandriva Update for libsndfile MDKSA-2007:191 (libsndfile)
2009-04-09 00:00:00
Gentoo Security Advisory GLSA 200710-04 (libsndfile)
2008-09-24 00:00:00
gentoo
gentoo
libsndfile: Buffer overflow
2007-10-07 00:00:00
nvd
nvd
CVE-2007-4974
2007-09-19 17:17:00
nessus
nessus
Ubuntu 6.06 LTS / 6.10 / 7.04 : libsndfile vulnerability (USN-525-1)
2007-11-10 00:00:00
Fedora 7 : libsndfile-1.0.17-2.fc7 (2007-2236)
2007-11-06 00:00:00
GLSA-200710-04 : libsndfile: Buffer overflow
2007-10-09 00:00:00
debian
debian
[SECURITY] [DSA 1442-2] New libsndfile packages fix arbitrary code execution
2007-12-29 01:41:21
ubuntucve
ubuntucve
CVE-2007-4974
2007-09-19 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: libsndfile-1.0.17-2.fc7
2007-09-24 18:00:24
debiancve
debiancve
CVE-2007-4974
2007-09-19 17:17:00
prion
prion
Heap overflow
2007-09-19 17:17:00
cvelist
cvelist
CVE-2007-4974
2007-09-19 17:00:00
cve
cve
CVE-2007-4974
2007-09-19 17:17:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.371
Percentile
97.2%
Related for USN-525-1