cbcvebase.
CVE-2014-9496
published 2015-01-16

Priority: P47
Severity: low, 2.1 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS: 0.59% (43.6th percentile)

The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.

Affected

15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| debian | debian_linux | | |
| debian | libsndfile | < libsndfile 1.0.25-9.1 (bookworm) | libsndfile 1.0.25-9.1 (bookworm) |
| libsndfile_project | libsndfile | < 1.0.26 | 1.0.26 |
| libsndfile_project | libsndfile | >= 0 < 1.0.25-9.1 | 1.0.25-9.1 |
| libsndfile_project | libsndfile | >= 0 < 1.0.25-9.1 | 1.0.25-9.1 |
| libsndfile_project | libsndfile | >= 0 < 1.0.25-9.1 | 1.0.25-9.1 |
| libsndfile_project | libsndfile | >= 0 < 1.0.25-9.1 | 1.0.25-9.1 |
| libsndfile_project | libsndfile | >= 0 < 1.0.25-7ubuntu2.1 | 1.0.25-7ubuntu2.1 |
| opensuse | opensuse | | |
| opensuse | opensuse | | |
| oracle | solaris | | |

CVSS provenance

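| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 2.1 | LOW | |
| vendor_debian | | 2.1 | LOW | |
| vendor_redhat | | 2.1 | LOW | |
| vendor_ubuntu | | 2.1 | LOW | |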