CVE-2021-4156 — Out-of-bounds Read in Libsndfile

CWE-125 — Out-of-bounds Read9 documents7 sources

Severity

7.1HIGHNVD

EPSS

0.2%

top 59.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libsndfile Project Libsndfile Debian Libsndfile Debian Linux

Timeline

PublishedMar 23

Latest updateFeb 18

Description

An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:HExploitability: 2.8 | Impact: 4.2

Affected Packages5 packages

▶debiandebian/libsndfile< libsndfile 1.1.0-1 (bookworm)

▶Debianlibsndfile_project/libsndfile< 1.0.31-2+deb11u2+3

▶Ubuntulibsndfile_project/libsndfile< 1.0.28-7ubuntu0.3+3

▶CVEListV5libsndfile_project/libsndfilelibsndfile 1.1.0

▶NVDlibsndfile_project/libsndfile1.1.10

Also affects: Debian Linux 10.0, 9.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

libsndfile vulnerabilities↗2025-02-18

▶

GHSA

GHSA-vvgm-gfhp-rj9x: An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality↗2022-03-24

▶

CVEList

CVE-2021-4156: An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality↗2022-03-23

▶

OSV

CVE-2021-4156: An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality↗2022-03-23

▶

📋Vendor Advisories

Ubuntu

libsndfile vulnerabilities↗2025-02-18

▶

Ubuntu

libsndfile vulnerability↗2022-05-10

▶

Red Hat

libsndfile: heap out-of-bounds read in src/flac.c in flac_buffer_copy↗2021-04-13

▶

Debian

CVE-2021-4156: libsndfile - An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. A...↗2021

▶