Vulnerabilities > CVE-2022-33064 - Off-by-one Error vulnerability in Libsndfile Project Libsndfile 1.1.0

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

libsndfile-project

CWE-193

NVD

Published: 2023-07-18

Updated: 2023-07-27

Summary

An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.

Vulnerable Configurations

Part	Description	Count
Application	Libsndfile_Project Libsndfile Project Libsndfile 1.1.0	1

Common Weakness Enumeration (CWE)

CWE-193 - Off-by-one Error

References

https://github.com/libsndfile/libsndfile/issues/832