CVE-2022-33065
published 2023-07-18


Priority: P431 | Severity: high | Score: 7.8 (CVSS 3.1)
Vector: AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 0.35% (26.9th percentile)
Multiple signed integer overflows in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile allow an attacker to cause Denial of Service or other unspecified impacts.

Affected

12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libsndfile | < libsndfile 1.2.0-1+deb12u1 (bookworm) | libsndfile 1.2.0-1+deb12u1 (bookworm) |
| libsndfile_project | libsndfile | | |
| libsndfile_project | libsndfile | >= 0 < 1.0.31-2+deb11u1 | 1.0.31-2+deb11u1 |
| libsndfile_project | libsndfile | >= 0 < 1.2.0-1+deb12u1 | 1.2.0-1+deb12u1 |
| libsndfile_project | libsndfile | >= 0 < 1.2.2-2 | 1.2.2-2 |
| libsndfile_project | libsndfile | >= 0 < 1.2.2-2 | 1.2.2-2 |
| msrc | azl3_libsndfile_1.2.2-2_on_azure_linux_3.0 | | |
| msrc | azl3_libsndfile_1.2.2-3_on_azure_linux_3.0 | | |
| msrc | azure_linux_3.0_arm | | |
| msrc | azure_linux_3.0_x64 | | |
| msrc | cbl_mariner_2.0_arm | | |
| msrc | cbl_mariner_2.0_x64 | | |

CVSS provenance

nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv | 7.8 | HIGH
vendor_debian | 7.8 | HIGH
vendor_msrc | 7.8 | HIGH
vendor_redhat | 7.8 | HIGH