Published: 23/03/2022 Updated: 29/09/2023

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.1 | Impact Score: 4.2 | Exploitability Score: 2.8

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libsndfile project libsndfile 1.1.10
debian debian linux 9.0
debian debian linux 10.0

Debian Bug report logs - #1014713 libsndfile: CVE-2021-4156 Package: src:libsndfile; Maintainer for src:libsndfile is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Sun, 10 Jul 2022 17:33:02 UTC Severity: important Tags: security, upstream ...

Synopsis Moderate: libsndfile security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for libsndfile is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as havin ...

Synopsis Important: OpenShift Container Platform 4110 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4110 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Co ...

An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak me ...

CWE-125 https://bugzilla.redhat.com/show_bug.cgi?id=2027690 https://github.com/libsndfile/libsndfile/pull/732/commits/4c30646abf7834e406f7e2429c70bc254e18beab https://github.com/libsndfile/libsndfile/issues/731 https://lists.debian.org/debian-lts-announce/2022/06/msg00020.html https://lists.debian.org/debian-lts-announce/2022/09/msg00036.html https://security.gentoo.org/glsa/202309-11 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014713 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2023-1998.html

CVE-2021-4156

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect