Vulnerabilities > CVE-2014-9756 - Divide By Zero vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-742.NASL description The libsndfile package was updated to fix three security issues : - CVE-2015-7805: fix for heap overflow via specially crafted AIFF header (bsc#953516) - CVE-2015-8075: fix for out of bounds read access in function psf_strlcpy_crlf (bsc#953519) - CVE-2014-9756: fix a divide-by-zero issue that can lead to an DoS (bsc#953521) last seen 2020-06-05 modified 2015-11-17 plugin id 86891 published 2015-11-17 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86891 title openSUSE Security Update : libsndfile (openSUSE-2015-742) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2015-742. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(86891); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-9756", "CVE-2015-7805", "CVE-2015-8075"); script_name(english:"openSUSE Security Update : libsndfile (openSUSE-2015-742)"); script_summary(english:"Check for the openSUSE-2015-742 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "The libsndfile package was updated to fix three security issues : - CVE-2015-7805: fix for heap overflow via specially crafted AIFF header (bsc#953516) - CVE-2015-8075: fix for out of bounds read access in function psf_strlcpy_crlf (bsc#953519) - CVE-2014-9756: fix a divide-by-zero issue that can lead to an DoS (bsc#953521)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=953516" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=953519" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=953521" ); script_set_attribute( attribute:"solution", value:"Update the affected libsndfile packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile-progs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile-progs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile-progs-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile1-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.1", reference:"libsndfile-debugsource-1.0.25-17.7.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsndfile-devel-1.0.25-17.7.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsndfile-progs-1.0.25-17.7.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsndfile-progs-debuginfo-1.0.25-17.7.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsndfile-progs-debugsource-1.0.25-17.7.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsndfile1-1.0.25-17.7.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsndfile1-debuginfo-1.0.25-17.7.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsndfile1-32bit-1.0.25-17.7.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsndfile1-debuginfo-32bit-1.0.25-17.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libsndfile-debugsource-1.0.25-19.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libsndfile-devel-1.0.25-19.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libsndfile-progs-1.0.25-19.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libsndfile-progs-debuginfo-1.0.25-19.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libsndfile-progs-debugsource-1.0.25-19.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libsndfile1-1.0.25-19.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libsndfile1-debuginfo-1.0.25-19.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libsndfile1-32bit-1.0.25-19.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libsndfile1-debuginfo-32bit-1.0.25-19.7.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsndfile-progs / libsndfile-progs-debuginfo / etc"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-820.NASL description The libsndfile package was updated to fix the following security issue : - CVE-2014-9756: Fixed a divide by zero problem that can lead to a Denial of Service (DoS) (bsc#953521). - CVE-2015-7805: Fixed heap overflow issue (bsc#953516). - CVE-2015-8075: Fixed heap overflow issue (bsc#953519). last seen 2020-06-05 modified 2015-11-30 plugin id 87084 published 2015-11-30 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/87084 title openSUSE Security Update : libsndfile (openSUSE-2015-820) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2015-820. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(87084); script_version("2.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-9756", "CVE-2015-7805", "CVE-2015-8075"); script_name(english:"openSUSE Security Update : libsndfile (openSUSE-2015-820)"); script_summary(english:"Check for the openSUSE-2015-820 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "The libsndfile package was updated to fix the following security issue : - CVE-2014-9756: Fixed a divide by zero problem that can lead to a Denial of Service (DoS) (bsc#953521). - CVE-2015-7805: Fixed heap overflow issue (bsc#953516). - CVE-2015-8075: Fixed heap overflow issue (bsc#953519)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=953516" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=953519" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=953521" ); script_set_attribute( attribute:"solution", value:"Update the affected libsndfile packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile-progs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile-progs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile-progs-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile1-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.1", reference:"libsndfile-debugsource-1.0.25-24.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libsndfile-devel-1.0.25-24.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libsndfile-progs-1.0.25-24.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libsndfile-progs-debuginfo-1.0.25-24.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libsndfile-progs-debugsource-1.0.25-24.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libsndfile1-1.0.25-24.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libsndfile1-debuginfo-1.0.25-24.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libsndfile1-32bit-1.0.25-24.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libsndfile1-debuginfo-32bit-1.0.25-24.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsndfile-progs / libsndfile-progs-debuginfo / etc"); }NASL family Debian Local Security Checks NASL id DEBIAN_DLA-356.NASL description CVE-2014-9496 The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. CVE-2014-9756 The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable. CVE-2015-7805 Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-12-01 plugin id 87111 published 2015-12-01 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/87111 title Debian DLA-356-1 : libsndfile security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-356-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(87111); script_version("2.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-9496", "CVE-2014-9756", "CVE-2015-7805"); script_bugtraq_id(71796); script_name(english:"Debian DLA-356-1 : libsndfile security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "CVE-2014-9496 The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. CVE-2014-9756 The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable. CVE-2015-7805 Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2015/11/msg00017.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze-lts/libsndfile" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsndfile1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsndfile1-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sndfile-programs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"libsndfile1", reference:"1.0.21-3+squeeze2")) flag++; if (deb_check(release:"6.0", prefix:"libsndfile1-dev", reference:"1.0.21-3+squeeze2")) flag++; if (deb_check(release:"6.0", prefix:"sndfile-programs", reference:"1.0.21-3+squeeze2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-2000-1.NASL description The libsndfile package was updated to fix the following security issue : - CVE-2014-9756: Fixed a divide by zero problem that can lead to a Denial of Service (DoS) (bsc#953521). - CVE-2015-7805: Fixed heap overflow issue (bsc#953516). - CVE-2015-8075: Fixed heap overflow issue (bsc#953519). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 86895 published 2015-11-17 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86895 title SUSE SLED12 / SLES12 Security Update : libsndfile (SUSE-SU-2015:2000-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2015:2000-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(86895); script_version("2.9"); script_cvs_date("Date: 2019/09/11 11:22:12"); script_cve_id("CVE-2014-9756", "CVE-2015-7805", "CVE-2015-8075"); script_name(english:"SUSE SLED12 / SLES12 Security Update : libsndfile (SUSE-SU-2015:2000-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The libsndfile package was updated to fix the following security issue : - CVE-2014-9756: Fixed a divide by zero problem that can lead to a Denial of Service (DoS) (bsc#953521). - CVE-2015-7805: Fixed heap overflow issue (bsc#953516). - CVE-2015-8075: Fixed heap overflow issue (bsc#953519). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=953516" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=953519" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=953521" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-9756/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-7805/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-8075/" ); # https://www.suse.com/support/update/announcement/2015/suse-su-20152000-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?46ffcf2a" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12 : zypper in -t patch SUSE-SLE-SDK-12-2015-846=1 SUSE Linux Enterprise Server 12 : zypper in -t patch SUSE-SLE-SERVER-12-2015-846=1 SUSE Linux Enterprise Desktop 12 : zypper in -t patch SUSE-SLE-DESKTOP-12-2015-846=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsndfile-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsndfile1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsndfile1-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/11/06"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", reference:"libsndfile-debugsource-1.0.25-24.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libsndfile1-1.0.25-24.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libsndfile1-debuginfo-1.0.25-24.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libsndfile1-32bit-1.0.25-24.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libsndfile1-debuginfo-32bit-1.0.25-24.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libsndfile-debugsource-1.0.25-24.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libsndfile1-1.0.25-24.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libsndfile1-32bit-1.0.25-24.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libsndfile1-debuginfo-1.0.25-24.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libsndfile1-debuginfo-32bit-1.0.25-24.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsndfile"); }NASL family Debian Local Security Checks NASL id DEBIAN_DLA-928.NASL description Multiple vulnerabilities were found in libsndfile, a popular library for reading/writing audio files. CVE-2017-7585 In libsndfile before 1.0.28, an error in the last seen 2020-03-17 modified 2017-05-01 plugin id 99739 published 2017-05-01 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/99739 title Debian DLA-928-1 : libsndfile security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-928-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(99739); script_version("3.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2015-7805", "CVE-2017-7585", "CVE-2017-7586", "CVE-2017-7741", "CVE-2017-7742"); script_name(english:"Debian DLA-928-1 : libsndfile security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities were found in libsndfile, a popular library for reading/writing audio files. CVE-2017-7585 In libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. CVE-2017-7586 In libsndfile before 1.0.28, an error in the 'header_read()' function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. CVE-2017-7741 In libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. CVE-2017-7742 In libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. CVE-2014-9496 The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. CVE-2014-9756 The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable. CVE-2015-7805 Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file. For Debian 7 'Wheezy', these problems have been fixed in version 1.0.25-9.1+deb7u1. We recommend that you upgrade your libsndfile packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2017/04/msg00047.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/libsndfile" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsndfile1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsndfile1-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sndfile-programs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2017/04/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"libsndfile1", reference:"1.0.25-9.1+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libsndfile1-dev", reference:"1.0.25-9.1+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"sndfile-programs", reference:"1.0.25-9.1+deb7u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2513.NASL description According to the versions of the libsndfile package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libsndfile before 1.0.28, an error in the last seen 2020-05-08 modified 2019-12-04 plugin id 131666 published 2019-12-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131666 title EulerOS 2.0 SP2 : libsndfile (EulerOS-SA-2019-2513) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(131666); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07"); script_cve_id( "CVE-2014-9496", "CVE-2014-9756", "CVE-2017-12562", "CVE-2017-14634", "CVE-2017-16942", "CVE-2017-6892", "CVE-2017-7586", "CVE-2017-7741", "CVE-2017-7742", "CVE-2017-8361", "CVE-2017-8362", "CVE-2017-8363", "CVE-2017-8365" ); script_bugtraq_id( 71796 ); script_name(english:"EulerOS 2.0 SP2 : libsndfile (EulerOS-SA-2019-2513)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the libsndfile package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libsndfile before 1.0.28, an error in the 'header_read()' function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.(CVE-2017-7586) - Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2017-12562) - In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.(CVE-2017-16942) - In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.(CVE-2017-14634) - The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.(CVE-2014-9756) - In libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.(CVE-2017-7741) - In libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.(CVE-2017-7742) - In libsndfile version 1.0.28, an error in the 'aiff_read_chanmap()' function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.(CVE-2017-6892) - The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.(CVE-2017-8361) - The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.(CVE-2017-8362) - The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.(CVE-2017-8363) - The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.(CVE-2017-8365) - The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.(CVE-2014-9496) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2513 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b80e01d6"); script_set_attribute(attribute:"solution", value: "Update the affected libsndfile packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/04"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsndfile"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["libsndfile-1.0.25-10.h11"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsndfile"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2616.NASL description According to the versions of the libsndfile package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.(CVE-2014-9756) - Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2017-12562) - In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.(CVE-2017-14634) - In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.(CVE-2017-16942) - In libsndfile before 1.0.28, an error in the last seen 2020-05-08 modified 2019-12-18 plugin id 132151 published 2019-12-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132151 title EulerOS 2.0 SP3 : libsndfile (EulerOS-SA-2019-2616) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2832-1.NASL description It was discovered that libsndfile incorrectly handled memory when parsing malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9496) Joshua Rogers discovered that libsndfile incorrectly handled division when parsing malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service. (CVE-2014-9756) Marco Romano discovered that libsndfile incorrectly handled certain malformed AIFF files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7805). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 87239 published 2015-12-08 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87239 title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : libsndfile vulnerabilities (USN-2832-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-2000-2.NASL description The libsndfile package was updated to fix the following security issue : - CVE-2014-9756: Fixed a divide by zero problem that can lead to a Denial of Service (DoS) (bsc#953521). - CVE-2015-7805: Fixed heap overflow issue (bsc#953516). - CVE-2015-8075: Fixed heap overflow issue (bsc#953519). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 87642 published 2015-12-29 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87642 title SUSE SLED12 / SLES12 Security Update : libsndfile (SUSE-SU-2015:2000-2) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-1979-1.NASL description The libsndfile package was updated to fix the following security issue : - CVE-2014-9756: Fixed a divide by zero problem that can lead to a Denial of Service (DoS) (bsc#953521). - CVE-2015-7805: Fixed heap overflow issue (bsc#953516). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 86869 published 2015-11-13 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86869 title SUSE SLED11 / SLES11 Security Update : libsndfile (SUSE-SU-2015:1979-1) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2016-039-02.NASL description New libsndfile packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 88626 published 2016-02-09 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88626 title Slackware 13.37 / 14.0 / 14.1 / current : libsndfile (SSA:2016-039-02) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2208.NASL description According to the versions of the libsndfile package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libsndfile version 1.0.28, an error in the last seen 2020-05-08 modified 2019-11-08 plugin id 130670 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130670 title EulerOS 2.0 SP5 : libsndfile (EulerOS-SA-2019-2208)
References
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00145.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00145.html
- http://www.openwall.com/lists/oss-security/2014/12/24/3
- http://www.openwall.com/lists/oss-security/2014/12/24/3
- http://www.openwall.com/lists/oss-security/2015/11/03/9
- http://www.openwall.com/lists/oss-security/2015/11/03/9
- http://www.ubuntu.com/usn/USN-2832-1
- http://www.ubuntu.com/usn/USN-2832-1
- https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6
- https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6
- https://github.com/erikd/libsndfile/issues/92
- https://github.com/erikd/libsndfile/issues/92