Vulnerabilities > Libsndfile Project

DATE CVE VULNERABILITY TITLE RISK
2017-04-12 CVE-2017-7741 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libsndfile Project Libsndfile
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
4.3
2017-04-07 CVE-2017-7586 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libsndfile Project Libsndfile
In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
4.3
2017-04-07 CVE-2017-7585 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libsndfile Project Libsndfile
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
4.3
2015-11-19 CVE-2014-9756 Divide By Zero vulnerability in multiple products
The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.
network
low complexity
libsndfile-project canonical opensuse CWE-369
5.0
2015-01-16 CVE-2014-9496 The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. 2.1