CVE-2014-9496
Published 2015-01-16
Priority: P47 (low)
CVSS 2.0: 2.1, vector AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS: 0.59% (43.6th percentile)
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | libsndfile | < libsndfile 1.0.25-9.1 (bookworm) | libsndfile 1.0.25-9.1 (bookworm) |
| libsndfile_project | libsndfile | < 1.0.26 | 1.0.26 |
| libsndfile_project | libsndfile | >= 0 < 1.0.25-9.1 | 1.0.25-9.1 |
| libsndfile_project | libsndfile | >= 0 < 1.0.25-9.1 | 1.0.25-9.1 |
| libsndfile_project | libsndfile | >= 0 < 1.0.25-9.1 | 1.0.25-9.1 |
| libsndfile_project | libsndfile | >= 0 < 1.0.25-9.1 | 1.0.25-9.1 |
| libsndfile_project | libsndfile | >= 0 < 1.0.25-7ubuntu2.1 | 1.0.25-7ubuntu2.1 |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| oracle | solaris | — | — |
CVSS provenance
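| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 2.1 | LOW | — |
| vendor_debian | — | 2.1 | LOW | — |
| vendor_redhat | — | 2.1 | LOW | — |
| vendor_ubuntu | — | 2.1 | LOW | — |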
Ubuntu
libsndfile vulnerabilities
vendor_ubuntu·2015-12-07·CVSS 2.1
CVE-2014-9496 [LOW] libsndfile vulnerabilities
Title: libsndfile vulnerabilities
Summary: libsndfile could be made to crash or run programs as your login if it
opened a specially crafted file.
It was discovered that libsndfile incorrectly handled memory when parsing
malformed files. A remote attacker could use this issue to cause
libsndfile to crash, resulting in a denial of service. This issue only
applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9496)
Joshua Rogers discovered that libsndfile incorrectly handled division when
parsing malformed files. A remote attacker could use this issue to cause
libsndfile to crash, resulting in a denial of service. (CVE-2014-9756)
Marco Romano discovered that libsndfile incorrectly handled certain
malformed AIFF files. A remote attacker could use this issue to cause
libsndfile to cra
Red Hat
libsndfile: 2 buffer overruns in sd2_parse_rsrc_fork()
vendor_redhat·2014-12-22·CVSS 2.1
CVE-2014-9496 [LOW] CWE-119 libsndfile: 2 buffer overruns in sd2_parse_rsrc_fork()
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
Package: libsndfile (Red Hat Enterprise Linux 6) - Will not fix
Package: libsndfile (Red Hat Enterprise Linux 7) - Will not fix
Debian
CVE-2014-9496: libsndfile - The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have...
vendor_debian·2014·CVSS 2.1
CVE-2014-9496 [LOW] CVE-2014-9496: libsndfile - The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have...
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
Scope: local
bookworm: resolved (fixed in 1.0.25-9.1)
bullseye: resolved (fixed in 1.0.25-9.1)
forky: resolved (fixed in 1.0.25-9.1)
sid: resolved (fixed in 1.0.25-9.1)
trixie: resolved (fixed in 1.0.25-9.1)
GHSA
GHSA-pc8q-hxww-6c2f: The sd2_parse_rsrc_fork function in sd2
ghsa_unreviewed·2022-05-13
CVE-2014-9496 [LOW] GHSA-pc8q-hxww-6c2f: The sd2_parse_rsrc_fork function in sd2
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
OSV
libsndfile vulnerabilities
osv·2015-12-07·CVSS 2.1
CVE-2014-9496 [LOW] libsndfile vulnerabilities
It was discovered that libsndfile incorrectly handled memory when parsing
malformed files. A remote attacker could use this issue to cause
libsndfile to crash, resulting in a denial of service. This issue only
applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9496)
Joshua Rogers discovered that libsndfile incorrectly handled division when
parsing malformed files. A remote attacker could use this issue to cause
libsndfile to crash, resulting in a denial of service. (CVE-2014-9756)
Marco Romano discovered that libsndfile incorrectly handled certain
malformed AIFF files. A remote attacker could use this issue to cause
libsndfile to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2015-7805)
OSV
CVE-2014-9496: The sd2_parse_rsrc_fork function in sd2
osv·2015-01-16·CVSS 2.1
CVE-2014-9496 [LOW] CVE-2014-9496: The sd2_parse_rsrc_fork function in sd2
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
No detection rules found.
No public exploits indexed.
References
http://advisories.mageia.org/MGASA-2015-0015.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00016.html
http://secunia.com/advisories/62320
http://www.mandriva.com/security/advisories?name=MDVSA-2015:024
http://www.openwall.com/lists/oss-security/2015/01/04/4
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.securityfocus.com/bid/71796
http://www.ubuntu.com/usn/USN-2832-1
https://github.com/erikd/libsndfile/commit/dbe14f00030af5d3577f4cabbf9861db59e9c378
https://github.com/erikd/libsndfile/issues/93
https://seclists.org/bugtraq/2019/Apr/23
https://security.gentoo.org/glsa/201612-03