Vulnerability in Libsndfile_project Libsndfile
CVE-2014-9756
The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.
EPSS: 0.007 (71.6th percentile) — read the EPSS interpretation.
Affected products
- Libsndfile_project Libsndfile
- Canonical Ubuntu_linux — versions 12.04, 14.04, 15.04
- Opensuse Leap — versions 42.1
- Opensuse — versions 13.1, 13.2
- N/a — versions n/a
Weakness classification (CWE)
References
- openSUSE-SU-2015:1995 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- cve@mitre.org (x_refsource_CONFIRM, Exploit, Third Party Advisory)
- [oss-security] 20141224 libsndfile DoS/divide-by-zero (mailing-list, x_refsource_MLIST, Patch, Mailing List, Third Party Advisory)
- [oss-security] 20151103 Re: libsndfile DoS/divide-by-zero (mailing-list, x_refsource_MLIST, Patch, Mailing List, Third Party Advisory)
- USN-2832-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory)
- openSUSE-SU-2015:2119 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)