Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libsndfile project libsndfile - vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2017-14634
In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.
Libsndfile Project Libsndfile 1.0.28
Debian Debian Linux 8.0
6.8
CVSSv2
CVE-2018-13139
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable snd...
Libsndfile Project Libsndfile 1.0.28
Debian Debian Linux 8.0
5.8
CVSSv2
CVE-2021-4156
An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bou...
Libsndfile Project Libsndfile 1.1.10
Debian Debian Linux 9.0
Debian Debian Linux 10.0
6.8
CVSSv2
CVE-2021-3246
A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows malicious users to execute arbitrary code via a crafted WAV file.
Libsndfile Project Libsndfile 1.0.30
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
9.3
CVSSv2
CVE-2009-1788
Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 up to and including 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC f...
Nullsoft Winamp 5.541
Nullsoft Winamp 5.51
Mega-nerd Libsndfile 1.0.17
Mega-nerd Libsndfile 1.0.16
Nullsoft Winamp 5.552
Mega-nerd Libsndfile 1.0.15
Nullsoft Winamp 5.55
Nullsoft Winamp 5.54
Mega-nerd Libsndfile 1.0.19
Mega-nerd Libsndfile 1.0.18
Nullsoft Winamp 5.52
Nullsoft Winamp 5.5
9.3
CVSSv2
CVE-2009-1791
Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 up to and including 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via an AIF...
Mega-nerd Libsndfile 1.0.16
Mega-nerd Libsndfile 1.0.15
Nullsoft Winamp 5.552
Mega-nerd Libsndfile 1.0.19
Nullsoft Winamp 5.51
Nullsoft Winamp 5.52
Mega-nerd Libsndfile 1.0.18
Mega-nerd Libsndfile 1.0.17
Nullsoft Winamp 5.5
Nullsoft Winamp 5.55
Nullsoft Winamp 5.54
Nullsoft Winamp 5.541
1.9
CVSSv2
CVE-2019-3832
It exists the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.
Libsndfile Project Libsndfile 1.0.28
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 16.04
5
CVSSv2
CVE-2014-9756
The psf_fwrite function in file_io.c in libsndfile allows malicious users to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.
Libsndfile Project Libsndfile
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 15.10
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
2.1
CVSSv2
CVE-2014-9496
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows malicious users to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
Libsndfile Project Libsndfile
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Debian Debian Linux 9.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 15.10
Oracle Solaris 11.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3