CVE-2022-33064 — Off-by-one Error in Project Libsndfile

CWE-193 — Off-by-one Error CWE-96 — Static Code Injection6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 91.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libsndfile Project Libsndfile Msrc Azl3 Libsndfile 1.0.31-2 ON Azure Linux 3.0 Msrc Azl3 Libsndfile 1.2.2-1 ON Azure Linux 3.0 +2 more

Timeline

PublishedJul 18

Latest updateSep 13

Description

An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶NVDlibsndfile_project/libsndfile1.1.0

▶msrcmsrc/azl3_libsndfile_1.2.2-1_on_azure_linux_3.0

▶msrcmsrc/azl3_libsndfile_1.0.31-2_on_azure_linux_3.0

▶msrcmsrc/azure_linux_3.0_arm

▶msrcmsrc/azure_linux_3.0_x64

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-6g97-p9mv-cpgv: An off-by-one error in function wav_read_header in src/wav↗2023-07-18

▶

CVEList

CVE-2022-33064: An off-by-one error in function wav_read_header in src/wav↗2023-07-18

▶

OSV

CVE-2022-33064: An off-by-one error in function wav_read_header in src/wav↗2023-07-18

▶

📋Vendor Advisories

Red Hat

libsndfile: off-by-one error in function wav_read_header in src/wav.c leads to code execution↗2023-09-13

▶

Microsoft

An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0 results in a write out of bound which allows an attacker to execute arbitrary code Denial of Service or other unspecifi↗2023-07-11

▶