Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2015-7805 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libsndfile
Severity
9.3CRITICALNVD
OSV2.1
EPSS
58.5%
top 1.79%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
PublishedNov 17
Latest updateMay 14
Description
Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0
Affected Packages5 packages
🔴Vulnerability Details
3💥Exploits & PoCs
1📋Vendor Advisories
3💬Community
9Bugzilla▶
CVE-2015-7805 audacity: libsndfile: Heap overflow vulnerability when parsing specially crafted AIFF header [epel-all]↗2015-11-04
Bugzilla▶
CVE-2015-7805 jack-audio-connection-kit: libsndfile: Heap overflow vulnerability when parsing specially crafted AIFF header [epel-all]↗2015-11-04
Bugzilla▶
CVE-2015-7805 libsndfile: Heap overflow vulnerability when parsing specially crafted AIFF header [epel-5]↗2015-11-04
Bugzilla▶
CVE-2015-7805 audacity: libsndfile: Heap overflow vulnerability when parsing specially crafted AIFF header [fedora-all]↗2015-11-04
Bugzilla▶
CVE-2015-7805 jack-audio-connection-kit: libsndfile: Heap overflow vulnerability when parsing specially crafted AIFF header [fedora-all]↗2015-11-04