CVE-2011-2696
published 2011-07-27

Priority: P334 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 4.65% (90.6th percentile)
Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow.

Affected

32 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libsndfile | < libsndfile 1.0.25-1 (bookworm) | libsndfile 1.0.25-1 (bookworm) |
| libsndfile_project | libsndfile | >= 0 < 1.0.25-1 | 1.0.25-1 |
| libsndfile_project | libsndfile | >= 0 < 1.0.25-1 | 1.0.25-1 |
| libsndfile_project | libsndfile | >= 0 < 1.0.25-1 | 1.0.25-1 |
| libsndfile_project | libsndfile | >= 0 < 1.0.25-1 | 1.0.25-1 |
| mega-nerd | libsndfile | <= 1.0.24 | |
| mega-nerd | libsndfile | | |
| mega-nerd | libsndfile | | |
| mega-nerd | libsndfile | | |
| mega-nerd | libsndfile | | |
| mega-nerd | libsndfile | | |
| mega-nerd | libsndfile | | |
| mega-nerd | libsndfile | | |
| mega-nerd | libsndfile | | |
| mega-nerd | libsndfile | | |
| mega-nerd | libsndfile | | |
| mega-nerd | libsndfile | | |
| mega-nerd | libsndfile | | |
| mega-nerd | libsndfile | | |
| mega-nerd | libsndfile | | |
| mega-nerd | libsndfile | | |
| mega-nerd | libsndfile | | |
| mega-nerd | libsndfile | | |
| mega-nerd | libsndfile | | |
| mega-nerd | libsndfile | | |

CVSS provenance

nvd · v2.0 · 6.8 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv · 6.8 · MEDIUM
vendor_debian · 6.8 · MEDIUM
vendor_redhat · 6.8 · MEDIUM