Vulnerability in Libsndfile_project Libsndfile
CVE-2014-9496
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
EPSS: 0.001 (30.6th percentile) — read the EPSS interpretation.
Affected products
- Libsndfile_project Libsndfile
- Oracle Solaris — versions 11.2
- Canonical Ubuntu_linux — versions 12.04, 14.04, 15.04
- Debian Debian_linux — versions 9.0
- Opensuse — versions 13.1, 13.2
- N/a — versions n/a
References
- 71796 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_CONFIRM, Exploit, Third Party Advisory)
- openSUSE-SU-2015:0041 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- MDVSA-2015:024 (vendor-advisory, Third Party Advisory, x_refsource_MANDRIVA)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory)
- USN-2832-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
- 62320 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- GLSA-201612-03 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
- cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
- cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)