CVE-2009-4835
Published 2010-05-06
Priority: P4 · 10 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS: 1.44% (69.9th percentile)
The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libsndfile | < libsndfile 1.0.21-3 (bookworm) | libsndfile 1.0.21-3 (bookworm) |
| libsndfile_project | libsndfile | >= 0 < 1.0.21-3 | 1.0.21-3 |
| libsndfile_project | libsndfile | >= 0 < 1.0.21-3 | 1.0.21-3 |
| libsndfile_project | libsndfile | >= 0 < 1.0.21-3 | 1.0.21-3 |
| libsndfile_project | libsndfile | >= 0 < 1.0.21-3 | 1.0.21-3 |
| mega-nerd | libsndfile | — | — |
CVSS provenance
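| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | LOW | — |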
Debian
vendor_debian·2009·CVSS 4.3
CVE-2009-4835 [MEDIUM] CVE-2009-4835: libsndfile - The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32...
Scope: local
bookworm: resolved (fixed in 1.0.21-3)
bullseye: resolved (fixed in 1.0.21-3)
forky: resolved (fixed in 1.0.21-3)
sid: resolved (fixed in 1.0.21-3)
trixie: resolved (fixed in 1.0.21-3)
GHSA
ghsa_unreviewed·2022-05-02
CVE-2009-4835 [MEDIUM] GHSA-rfpj-4fj4-rm47: The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1
OSV
osv·2010-05-06·CVSS 4.3
CVE-2009-4835 [MEDIUM] CVE-2009-4835: The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
http://secunia.com/advisories/35266
http://www.securityfocus.com/bid/35126
http://www.vupen.com/english/advisories/2009/1446
Published: 2010-05-06