CVE-2022-33065 — Integer Overflow or Wraparound in Libsndfile

CWE-190 — Integer Overflow or Wraparound7 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 95.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libsndfile Project Libsndfile Debian Libsndfile Msrc Azl3 Libsndfile 1.2.2-2 ON Azure Linux 3.0 +5 more

Timeline

PublishedJul 18

Latest updateNov 2

Description

Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

▶debiandebian/libsndfile< libsndfile 1.2.0-1+deb12u1 (bookworm)

▶Debianlibsndfile_project/libsndfile< 1.0.31-2+deb11u1+3

▶msrcmsrc/azl3_libsndfile_1.2.2-2_on_azure_linux_3.0

▶msrcmsrc/azl3_libsndfile_1.2.2-3_on_azure_linux_3.0

▶msrcmsrc/azure_linux_3.0_arm

🔴Vulnerability Details

OSV

CVE-2022-33065: Multiple signed integers overflow in function au_read_header in src/au↗2023-07-18

▶

GHSA

GHSA-q72h-h33r-r8j8: Multiple signed integers overflow in function au_read_header in src/au↗2023-07-18

▶

📋Vendor Advisories

Ubuntu

libsndfile vulnerability↗2023-11-02

▶

Red Hat

libsndfile: integer overflow in src/mat4.c and src/au.c leads to DoS↗2023-09-13

▶

Microsoft

Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile allows an attacker to cause Denial of Service or ot↗2023-07-11

▶

Debian

CVE-2022-33065: libsndfile - Multiple signed integers overflow in function au_read_header in src/au.c and in ...↗2022

▶