ALT-PU-2016-2286-1
Package libsndfile updated to version 1.0.27-alt1 for branch sisyphus in task 172211.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2014-9496
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
- http://advisories.mageia.org/MGASA-2015-0015.html
- http://advisories.mageia.org/MGASA-2015-0015.html
- openSUSE-SU-2015:0041
- openSUSE-SU-2015:0041
- 62320
- 62320
- MDVSA-2015:024
- MDVSA-2015:024
- [oss-security] 20150103 Re: Re: CVE Request: libsndfile buffer overread
- [oss-security] 20150103 Re: Re: CVE Request: libsndfile buffer overread
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- 71796
- 71796
- USN-2832-1
- USN-2832-1
- https://github.com/erikd/libsndfile/commit/dbe14f00030af5d3577f4cabbf9861db59e9c378
- https://github.com/erikd/libsndfile/commit/dbe14f00030af5d3577f4cabbf9861db59e9c378
- https://github.com/erikd/libsndfile/issues/93
- https://github.com/erikd/libsndfile/issues/93
- 20190411 [SECURITY] [DSA 4430-1] wpa security update
- 20190411 [SECURITY] [DSA 4430-1] wpa security update
- GLSA-201612-03
- GLSA-201612-03
Modified: 2024-11-21
CVE-2014-9756
The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.
- openSUSE-SU-2015:1995
- openSUSE-SU-2015:1995
- openSUSE-SU-2015:2119
- openSUSE-SU-2015:2119
- [oss-security] 20141224 libsndfile DoS/divide-by-zero
- [oss-security] 20141224 libsndfile DoS/divide-by-zero
- [oss-security] 20151103 Re: libsndfile DoS/divide-by-zero
- [oss-security] 20151103 Re: libsndfile DoS/divide-by-zero
- USN-2832-1
- USN-2832-1
- https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6
- https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6
- https://github.com/erikd/libsndfile/issues/92
- https://github.com/erikd/libsndfile/issues/92
Modified: 2024-11-21
CVE-2015-7805
Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.
- FEDORA-2015-5afed1aad2
- FEDORA-2015-5afed1aad2
- FEDORA-2015-56be43eae6
- FEDORA-2015-56be43eae6
- FEDORA-2015-0f405832d3
- FEDORA-2015-0f405832d3
- openSUSE-SU-2015:1995
- openSUSE-SU-2015:1995
- openSUSE-SU-2015:2119
- openSUSE-SU-2015:2119
- http://packetstormsecurity.com/files/133926/libsndfile-1.0.25-Heap-Overflow.html
- http://packetstormsecurity.com/files/133926/libsndfile-1.0.25-Heap-Overflow.html
- http://www.nemux.org/2015/10/13/libsndfile-1-0-25-heap-overflow/
- http://www.nemux.org/2015/10/13/libsndfile-1-0-25-heap-overflow/
- [oss-security] 20151103 CVE request: libsndfile 1.0.25 heap overflow
- [oss-security] 20151103 CVE request: libsndfile 1.0.25 heap overflow
- [oss-security] 20151103 Re: CVE request: libsndfile 1.0.25 heap overflow
- [oss-security] 20151103 Re: CVE request: libsndfile 1.0.25 heap overflow
- 77427
- 77427
- USN-2832-1
- USN-2832-1
- GLSA-201612-03
- GLSA-201612-03
- 38447
- 38447
Modified: 2024-11-21
CVE-2017-16942
In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.