Veracode Vulnerability DatabaseVERACODE:7247Heap-based Buffer Overflow
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
libsndfile is vulnerable to heap-based buffer overflow. This is due to the wrong management of the headindex and headend values while parsing AIFF header values. An attacker is able to exploit this vulnerability to overwrite memory heap by manipulating index values to use memcpy() via a malicious AIFF file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libsndfile.so | le | 1.0.25 |
References
lists.fedoraproject.org/pipermail/package-announce/2015-November/171466.html
lists.fedoraproject.org/pipermail/package-announce/2015-November/172593.html
lists.fedoraproject.org/pipermail/package-announce/2015-November/172607.html
lists.opensuse.org/opensuse-updates/2015-11/msg00077.html
lists.opensuse.org/opensuse-updates/2015-11/msg00145.html
packetstormsecurity.com/files/133926/libsndfile-1.0.25-Heap-Overflow.html
www.nemux.org/2015/10/13/libsndfile-1-0-25-heap-overflow/
www.openwall.com/lists/oss-security/2015/11/03/3
www.openwall.com/lists/oss-security/2015/11/03/7
www.securityfocus.com/bid/77427
www.ubuntu.com/usn/USN-2832-1
packetstormsecurity.com/files/133926/libsndfile-1.0.25-Heap-Overflow.html
security.gentoo.org/glsa/201612-03
www.exploit-db.com/exploits/38447/
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C