CVE-2014-9496: Improper Restriction of Operations within the Bounds of a Memory Buffer in Project Libsndfile

Severity: 2.1 LOW (NVD)
EPSS: 0.1% (top 71.81%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jan 16
Latest update: May 13

Description

The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.

CVSS vector

AV:L/AC:L/C:N/I:N/A:P
Exploitability: 3.9 | Impact: 2.9

Affected Packages (5 packages)

Debian: libsndfile_project/libsndfile < 1.0.25-9.1+3
Ubuntu: libsndfile_project/libsndfile < 1.0.25-7ubuntu2.1
NVD: oracle/solaris 11.2
NVD: opensuse/opensuse 13.1, 13.2+1

Also affects: Debian Linux 9.0, Ubuntu Linux 12.04, 14.04, 15.04, 15.10

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-pc8q-hxww-6c2f: The sd2_parse_rsrc_fork function in sd2 (2022-05-13)
OSV: libsndfile vulnerabilities (2015-12-07)
CVEList: CVE-2014-9496: The sd2_parse_rsrc_fork function in sd2 (2015-01-16)
OSV: CVE-2014-9496: The sd2_parse_rsrc_fork function in sd2 (2015-01-16)

📋 Vendor Advisories (3)

Ubuntu: libsndfile vulnerabilities (2015-12-07)
Red Hat: libsndfile: 2 buffer overruns in sd2_parse_rsrc_fork() (2014-12-22)
Debian: CVE-2014-9496: libsndfile - The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have... (2014)

💬 Community (1)

Bugzilla: CVE-2014-9496 libsndfile: 2 buffer overruns in sd2_parse_rsrc_fork() (2015-01-05)
CVE-2014-9496 — Project Libsndfile vulnerability | cvebase