Veracode Vulnerability DatabaseVERACODE:7247Heap-based Buffer Overflow
0.11 Low
EPSS
Percentile
95.1%
libsndfile is vulnerable to heap-based buffer overflow. This is due to the wrong management of the headindex and headend values while parsing AIFF header values. An attacker is able to exploit this vulnerability to overwrite memory heap by manipulating index values to use memcpy() via a malicious AIFF file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libsndfile.so | le | 1.0.25 |
References
lists.fedoraproject.org/pipermail/package-announce/2015-November/171466.html
lists.fedoraproject.org/pipermail/package-announce/2015-November/172593.html
lists.fedoraproject.org/pipermail/package-announce/2015-November/172607.html
lists.opensuse.org/opensuse-updates/2015-11/msg00077.html
lists.opensuse.org/opensuse-updates/2015-11/msg00145.html
packetstormsecurity.com/files/133926/libsndfile-1.0.25-Heap-Overflow.html
www.nemux.org/2015/10/13/libsndfile-1-0-25-heap-overflow/
www.openwall.com/lists/oss-security/2015/11/03/3
www.openwall.com/lists/oss-security/2015/11/03/7
www.securityfocus.com/bid/77427
www.ubuntu.com/usn/USN-2832-1
packetstormsecurity.com/files/133926/libsndfile-1.0.25-Heap-Overflow.html
security.gentoo.org/glsa/201612-03
www.exploit-db.com/exploits/38447/
Related
