cvebase

Libsndfile Project Libsndfile vulnerabilities

39 known vulnerabilities affecting libsndfile_project/libsndfile.

Total CVEs: 39
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 13, MEDIUM 20, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2018-19432 | P4 | MEDIUM | CVSS 6.5 | v1.0.28 | 2018-11-22
CVE-2018-19432 [MEDIUM] CWE-476: An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.
nvd, osv
CVE-2017-14634 | P4 | MEDIUM | CVSS 6.5 | v1.0.28 | 2017-09-21
CVE-2017-14634 [MEDIUM] CWE-369: In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.
nvd, osv
CVE-2018-19758 | P4 | MEDIUM | CVSS 6.5 | v1.0.28 | 2018-11-30
CVE-2018-19758 [MEDIUM] CWE-125: There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
nvd, osv
CVE-2024-50613 | P4 | MEDIUM | CVSS 6.5 | ≤ 1.2.2 | 2024-10-27
CVE-2024-50613 [MEDIUM] CWE-617: libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.
nvd
CVE-2018-19661 | P4 | MEDIUM | CVSS 6.5 | v1.0.28 | 2018-11-29
CVE-2018-19661 [MEDIUM] CWE-125: An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service.
nvd, osv
CVE-2017-16942 | P4 | MEDIUM | CVSS 6.5 | v1.0.25 | 2017-11-25
CVE-2017-16942 [MEDIUM] CWE-369: In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.
nvd, osv
CVE-2017-8365 | P4 | MEDIUM | CVSS 6.5 | v1.0.28 | 2017-04-30
CVE-2017-8365 [MEDIUM] CWE-125: The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.
nvd, osv
CVE-2017-8362 | P4 | MEDIUM | CVSS 6.5 | v1.0.28 | 2017-04-30
CVE-2017-8362 [MEDIUM] CWE-125: The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.
nvd, osv
CVE-2025-56226 | P4 | MEDIUM | CVSS 5.3 | ≥ 1.1.0, ≤ 1.2.2 | 2026-01-14
CVE-2025-56226 [MEDIUM] CWE-401: Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_init() function within the mpeg_l3_encode.c file.
nvd, osv
CVE-2018-13419 | P4 | MEDIUM | CVSS 6.5 | v1.0.28 | 2018-07-07
CVE-2018-13419 [MEDIUM] CWE-772: An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue
nvd
CVE-2017-7585 | P4 | MEDIUM | CVSS 5.5 | ≤ 1.0.27 | 2017-04-07
CVE-2017-7585 [MEDIUM] CWE-119: In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
nvd, osv
CVE-2017-7586 | P4 | MEDIUM | CVSS 5.5 | ≤ 1.0.27 | 2017-04-07
CVE-2017-7586 [MEDIUM] CWE-119: In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
nvd, osv
CVE-2014-9756 | P4 | MEDIUM | CVSS 5.0 | fixed in 1.0.26 | 2015-11-19
CVE-2014-9756 [MEDIUM] CWE-369: The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.
nvd, osv
CVE-2017-7741 | P4 | MEDIUM | CVSS 5.5 | ≤ 1.0.27 | 2017-04-12
CVE-2017-7741 [MEDIUM]: In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
nvd, osv
CVE-2017-7742 | P4 | MEDIUM | CVSS 5.5 | ≤ 1.0.27 | 2017-04-12
CVE-2017-7742 [MEDIUM]: In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
nvd, osv
CVE-2024-50612 | P4 | MEDIUM | CVSS 5.5 | ≤ 1.2.2 | 2024-10-27
CVE-2024-50612 [MEDIUM] CWE-125: libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.
nvd, osv
CVE-2019-3832 | P4 | MEDIUM | CVSS 5.5 | v1.0.28 | 2019-03-21
CVE-2019-3832 [MEDIUM]: It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.
nvd, osv
CVE-2009-4835 | P4 | MEDIUM | CVSS 4.3 | ≥ 0, < 1.0.21-3 | 2010-05-06
CVE-2009-4835 [MEDIUM]: The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file.
osv
CVE-2014-9496 | P4 | LOW | CVSS 2.1 | fixed in 1.0.26 | 2015-01-16
CVE-2014-9496 [LOW]: The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
nvd, osv