Lucene search
Ubuntu.comUB:CVE-2022-33065HistoryJul 18, 2023 - 12:00 a.m.
CVE-2022-33065
2023-07-1800:00:00
ubuntu.com
ubuntu.com
17
libsndfile
integer overflow
vulnerabilities
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
21.6%
Multiple signed integers overflow in function au_read_header in src/au.c
and in functions mat4_open and mat4_read_header in src/mat4.c in
Libsndfile, allows an attacker to cause Denial of Service or other
unspecified impacts.
Bugs
- <https://github.com/libsndfile/libsndfile/issues/789>
- <https://github.com/libsndfile/libsndfile/issues/833 (dupe of 789)>
- <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051891>
Notes
| Author | Note |
|---|---|
| mdeslaur | as of 2023-09-21, there is no upstream fix for this issue |
| ccdm94 | upstream patch released 2023-10-10. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | libsndfile | < 1.0.28-4ubuntu0.18.04.2+esm1 | UNKNOWN |
| ubuntu | 20.04 | noarch | libsndfile | < 1.0.28-7ubuntu0.2 | UNKNOWN |
| ubuntu | 22.04 | noarch | libsndfile | < 1.0.31-2ubuntu0.1 | UNKNOWN |
| ubuntu | 23.04 | noarch | libsndfile | < 1.2.0-1ubuntu0.1 | UNKNOWN |
| ubuntu | 23.10 | noarch | libsndfile | < 1.2.2-1ubuntu0.23.10.1 | UNKNOWN |
| ubuntu | 14.04 | noarch | libsndfile | < 1.0.25-7ubuntu2.2+esm3 | UNKNOWN |
| ubuntu | 16.04 | noarch | libsndfile | < 1.0.25-10ubuntu0.16.04.3+esm3 | UNKNOWN |
Related
nessus
nessus
EulerOS 2.0 SP9 : libsndfile (EulerOS-SA-2023-3338)
2024-01-16 00:00:00
CentOS 8 : libsndfile (CESA-2024:3030)
2024-05-22 00:00:00
Oracle Linux 8 : libsndfile (ELSA-2024-3030)
2024-05-28 00:00:00
oraclelinux
oraclelinux
libsndfile security update
2024-05-23 00:00:00
libsndfile security update
2024-05-02 00:00:00
cve
cve
CVE-2022-33065
2023-07-18 14:15:12
osv
osv
libsndfile vulnerability
2023-11-02 20:36:08
Moderate: libsndfile security update
2024-05-22 00:00:00
Moderate: libsndfile security update
2024-04-30 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for libsndfile (EulerOS-SA-2024-1087)
2024-01-09 00:00:00
openSUSE: Security Advisory for libsndfile (SUSE-SU-2023:4330-1)
2024-03-04 00:00:00
Huawei EulerOS: Security Advisory for libsndfile (EulerOS-SA-2023-3338)
2023-12-12 00:00:00
nvd
nvd
CVE-2022-33065
2023-07-18 14:15:12
veracode
veracode
Denial Of Service (DoS)
2023-10-10 04:13:09
debiancve
debiancve
CVE-2022-33065
2023-07-18 14:15:12
almalinux
almalinux
Moderate: libsndfile security update
2024-04-30 00:00:00
Moderate: libsndfile security update
2024-05-22 00:00:00
redhatcve
redhatcve
CVE-2022-33065
2023-09-15 11:54:11
mageia
mageia
Updated libsndfile packages fix a security vulnerability
2023-11-07 02:08:32
amazon
amazon
Medium: libsndfile
2024-01-03 21:04:00
prion
prion
Buffer overflow
2023-07-18 14:15:00
redhat
redhat
(RHSA-2024:2184) Moderate: libsndfile security update
2024-04-30 06:14:59
(RHSA-2024:3030) Moderate: libsndfile security update
2024-05-22 06:35:24
ubuntu
ubuntu
libsndfile vulnerability
2023-11-02 00:00:00
freebsd
freebsd
libsndfile_project -- Integer overflow in dataend calculation
2023-07-18 00:00:00
cvelist
cvelist
CVE-2022-33065
2023-07-18 00:00:00
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
21.6%
Related for UB:CVE-2022-33065