CVE-2017-14246: Out-of-bounds Read in Libsndfile

Severity
NVD: 8.1 HIGH
OSV: 9.8
EPSS: 0.7% (top 28.44%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Sep 21
Latest update: May 13

Description

An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Exploitability: 2.8 | Impact: 5.2

Affected Packages (7 packages)

debian: debian/libsndfile < libsndfile 1.0.28-5 (bookworm)
Debian: libsndfile_project/libsndfile < 1.0.28-5+3
Ubuntu: libsndfile_project/libsndfile < 1.0.25-10ubuntu0.16.04.3+1

Also affects: Debian Linux 8.0

🔴 Vulnerability Details (4)

GHSA: GHSA-2wx9-243g-7hm9: An out of bounds read in the function d2ulaw_array() in ulaw (2022-05-13)
OSV: libsndfile vulnerabilities (2021-01-26)
OSV: CVE-2017-14246: An out of bounds read in the function d2ulaw_array() in ulaw (2017-09-21)
CVEList: CVE-2017-14246: An out of bounds read in the function d2ulaw_array() in ulaw (2017-09-21)

📋 Vendor Advisories (6)

Ubuntu: libsndfile vulnerabilities (2021-01-26)
Ubuntu: libsndfile vulnerabilities (2019-06-10)
Red Hat: libsndfile: SEGV on unknown address in the function d2ulaw_array() (2017-12-07)
Red Hat: libsndfile: Out-of-bounds read in the function d2ulaw_array() (2017-09-14)
Microsoft: An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure related to mishandling of the NAN and INFINITY floating-po (2017-09-12)

💬 Community (3)

Bugzilla: CVE-2017-17457 libsndfile: SEGV on unknown address in the function d2ulaw_array() (2017-12-11)
Bugzilla: CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 libsndfile: various flaws [fedora-all] (2017-10-09)
Bugzilla: CVE-2017-14246 libsndfile: Out-of-bounds read in the function d2ulaw_array() (2017-10-09)