CVE-2017-14245: Out-of-bounds Read in Libsndfile

CWE-125: Out-of-bounds Read (13 documents, 9 sources)
Severity: 8.1 HIGH (NVD), 9.8 (OSV)
EPSS: 0.4% (top 37.49%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 21, Latest update May 13

Description

An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Exploitability: 2.8 | Impact: 5.2

Affected Packages (7 packages)

debian: debian/libsndfile < libsndfile 1.0.28-5 (bookworm)
Debian: libsndfile_project/libsndfile < 1.0.28-5+3
Ubuntu: libsndfile_project/libsndfile < 1.0.25-10ubuntu0.16.04.3+1

Also affects: Debian Linux 8.0

🔴 Vulnerability Details (4)

GHSA (2022-05-13): GHSA-rr83-2vvf-fhg8: An out of bounds read in the function d2alaw_array() in alaw
OSV (2021-01-26): libsndfile vulnerabilities
OSV (2017-09-21): CVE-2017-14245: An out of bounds read in the function d2alaw_array() in alaw
CVEList (2017-09-21): CVE-2017-14245: An out of bounds read in the function d2alaw_array() in alaw

📋 Vendor Advisories (5)

Ubuntu (2021-01-26): libsndfile vulnerabilities
Ubuntu (2019-06-10): libsndfile vulnerabilities
Red Hat (2017-09-14): libsndfile: Out-of-bounds read in the function d2alaw_array()
Microsoft (2017-09-12): An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure related to mishandling of the NAN and INFINITY floating-po
Debian (2017): CVE-2017-14245: libsndfile - An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0...

💬 Community (3)

Bugzilla (2017-12-11): CVE-2017-17456 libsndfile: SEGV on unknown address in the function d2alaw_array()
Bugzilla (2017-10-09): CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 libsndfile: various flaws [fedora-all]
Bugzilla (2017-10-09): CVE-2017-14245 libsndfile: Out-of-bounds read in the function d2alaw_array()