Vulnerabilities > Libsndfile Project

DATE CVE VULNERABILITY TITLE RISK
2018-11-22 CVE-2018-19432 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in libsndfile 1.0.28.
network
low complexity
libsndfile-project debian CWE-476
6.5
2018-07-07 CVE-2018-13419 Missing Release of Resource after Effective Lifetime vulnerability in Libsndfile Project Libsndfile 1.0.28
An issue has been found in libsndfile 1.0.28.
network
low complexity
libsndfile-project CWE-772
6.5
2018-07-04 CVE-2018-13139 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.
network
low complexity
libsndfile-project debian CWE-787
8.8
2017-11-25 CVE-2017-16942 Divide By Zero vulnerability in Libsndfile Project Libsndfile 1.0.25
In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.
network
low complexity
libsndfile-project CWE-369
6.5
2017-09-21 CVE-2017-14246 Out-of-bounds Read vulnerability in multiple products
An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
network
low complexity
libsndfile-project debian CWE-125
8.1
2017-09-21 CVE-2017-14245 Out-of-bounds Read vulnerability in multiple products
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
network
low complexity
libsndfile-project debian CWE-125
8.1
2017-09-21 CVE-2017-14634 Divide By Zero vulnerability in multiple products
In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.
network
low complexity
libsndfile-project debian CWE-369
6.5
2017-08-05 CVE-2017-12562 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
network
low complexity
libsndfile-project debian CWE-119
critical
9.8
2017-06-12 CVE-2017-6892 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libsndfile Project Libsndfile 1.0.28
In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.
network
low complexity
libsndfile-project CWE-119
8.8
2017-04-30 CVE-2017-8365 Out-of-bounds Read vulnerability in multiple products
The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.
network
low complexity
libsndfile-project debian CWE-125
6.5