CVE-2022-33064
Published 2023-07-18
Priority: P3 · 35 · high
CVSS 3.1: 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS: 0.31% (23.1th percentile)
An off-by-one error in the function wav_read_header in src/wav.c in Libsndfile 1.1.0 results in an out-of-bounds write, which allows an attacker to execute arbitrary code, cause a denial of service, or have other unspecified impacts.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| libsndfile_project | libsndfile | — | — |
| msrc | azl3_libsndfile_1.0.31-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_libsndfile_1.2.2-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
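CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | 7.8 | HIGH | — |
| vendor_msrc | 7.8 | HIGH | — |
| vendor_redhat | 7.8 | HIGH | — |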
GHSA
GHSA-6g97-p9mv-cpgv: An off-by-one error in function wav_read_header in src/wav
ghsa_unreviewed·2023-07-18
CVE-2022-33064 [HIGH] CWE-193 GHSA-6g97-p9mv-cpgv: An off-by-one error in function wav_read_header in src/wav
An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.
OSV
CVE-2022-33064: An off-by-one error in function wav_read_header in src/wav
osv·2023-07-18·CVSS 7.8
CVE-2022-33064 [HIGH] CVE-2022-33064: An off-by-one error in function wav_read_header in src/wav
An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.
Red Hat
libsndfile: off-by-one error in function wav_read_header in src/wav.c leads to code execution
vendor_redhat·2023-09-13·CVSS 7.8
CVE-2022-33064 [HIGH] CWE-193 libsndfile: off-by-one error in function wav_read_header in src/wav.c leads to code execution
An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.
Libsndfile could allow a remote attacker to execute arbitrary code on the system, caused by an off-by-one error in function wav_read_header in src/wav.c.
Package: libsndfile (Red Hat Enterprise Linux 8) - Not affected
Package: libsndfile (Red Hat Enterprise Linux 9) - Not affected
Microsoft
An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0 results in a write out of bound which allows an attacker to execute arbitrary code Denial of Service or other unspecifi
vendor_msrc·2023-07-11·CVSS 7.8
CVE-2022-33064 [HIGH] CWE-193 An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0 results in a write out of bound which allows an attacker to execute arbitrary code Denial of Service or other unspecifi
An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0 results in a write out of bound which allows an attacker to execute arbitrary code Denial of Service or other unspecified impacts.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.