libsndfile is vulnerable to a heap-based buffer overflow caused by incorrect handling of the `headindex` and `headend` values while parsing AIFF header values. An attacker can exploit this vulnerability to overwrite heap memory by supplying a malicious AIFF file that manipulates the index values used in `memcpy()`.
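The kind of index validation this class of bug calls for, as an added example that is not libsndfile's code: a simplified model of a header buffer whose index and end values are checked before any `memcpy()`. The names `hdr_buf`, `hdr_read` and `try_read` and the 64-byte buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define HDR_SIZE 64   /* assumed size of the fixed header buffer */

/* Simplified model of a parser's header state (names are hypothetical). */
struct hdr_buf {
    unsigned char data[HDR_SIZE];
    size_t index;   /* next unread byte   (cf. headindex) */
    size_t end;     /* bytes filled so far (cf. headend)  */
};

/* Copy n bytes from the header into dst.
 * Returns n on success, -1 if the state or request is inconsistent.
 * Checks are ordered so that no subtraction can wrap around. */
static long hdr_read(struct hdr_buf *h, void *dst, size_t n)
{
    if (h->end > sizeof h->data)     /* end must stay inside the buffer */
        return -1;
    if (h->index > h->end)           /* index must never pass end */
        return -1;
    if (n > h->end - h->index)       /* request must fit the unread bytes */
        return -1;
    memcpy(dst, h->data + h->index, n);
    h->index += n;
    return (long)n;
}

/* Constructed cases: returns hdr_read's result for a given index/end/n. */
static long try_read(size_t index, size_t end, size_t n)
{
    struct hdr_buf h = { .index = index, .end = end };
    unsigned char out[HDR_SIZE];
    if (n > sizeof out)              /* keep the demo's destination safe */
        return -1;
    return hdr_read(&h, out, n);
}

int main(void)
{
    printf("valid read:      %ld\n", try_read(0, 12, 4));
    printf("index past end:  %ld\n", try_read(20, 12, 4));
    printf("end past buffer: %ld\n", try_read(0, HDR_SIZE + 8, 4));
    printf("oversized count: %ld\n", try_read(8, 12, 8));
    return 0;
}
```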
| CPE | Name | Operator | Version |
|---|---|---|---|
| | libsndfile.so | le | 1.0.25 |
lists.fedoraproject.org/pipermail/package-announce/2015-November/171466.html
lists.fedoraproject.org/pipermail/package-announce/2015-November/172593.html
lists.fedoraproject.org/pipermail/package-announce/2015-November/172607.html
lists.opensuse.org/opensuse-updates/2015-11/msg00077.html
lists.opensuse.org/opensuse-updates/2015-11/msg00145.html
packetstormsecurity.com/files/133926/libsndfile-1.0.25-Heap-Overflow.html
www.nemux.org/2015/10/13/libsndfile-1-0-25-heap-overflow/
www.openwall.com/lists/oss-security/2015/11/03/3
www.openwall.com/lists/oss-security/2015/11/03/7
www.securityfocus.com/bid/77427
www.ubuntu.com/usn/USN-2832-1
security.gentoo.org/glsa/201612-03
www.exploit-db.com/exploits/38447/