6.8
CVE-2011-2696
- EPSS 4.65%
- Veröffentlicht 27.07.2011 02:55:02
- Zuletzt bearbeitet 16.06.2026 23:31:49
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mega-nerd ≫ Libsndfile Version <= 1.0.24
Mega-nerd ≫ Libsndfile Version0.0.8
Mega-nerd ≫ Libsndfile Version0.0.28
Mega-nerd ≫ Libsndfile Version1.0.0
Mega-nerd ≫ Libsndfile Version1.0.0 Updaterc1
Mega-nerd ≫ Libsndfile Version1.0.0 Updaterc6
Mega-nerd ≫ Libsndfile Version1.0.1
Mega-nerd ≫ Libsndfile Version1.0.2
Mega-nerd ≫ Libsndfile Version1.0.3
Mega-nerd ≫ Libsndfile Version1.0.4
Mega-nerd ≫ Libsndfile Version1.0.5
Mega-nerd ≫ Libsndfile Version1.0.6
Mega-nerd ≫ Libsndfile Version1.0.7
Mega-nerd ≫ Libsndfile Version1.0.8
Mega-nerd ≫ Libsndfile Version1.0.9
Mega-nerd ≫ Libsndfile Version1.0.10
Mega-nerd ≫ Libsndfile Version1.0.11
Mega-nerd ≫ Libsndfile Version1.0.12
Mega-nerd ≫ Libsndfile Version1.0.13
Mega-nerd ≫ Libsndfile Version1.0.14
Mega-nerd ≫ Libsndfile Version1.0.15
Mega-nerd ≫ Libsndfile Version1.0.16
Mega-nerd ≫ Libsndfile Version1.0.17
Mega-nerd ≫ Libsndfile Version1.0.18
Mega-nerd ≫ Libsndfile Version1.0.19
Mega-nerd ≫ Libsndfile Version1.0.20
Mega-nerd ≫ Libsndfile Version1.0.21
Mega-nerd ≫ Libsndfile Version1.0.22
Mega-nerd ≫ Libsndfile Version1.0.23
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.65% | 0.905 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062955.html
http://secunia.com/advisories/45125
http://secunia.com/advisories/45351
http://secunia.com/advisories/45384
http://secunia.com/advisories/45388
http://secunia.com/advisories/45433
http://www.debian.org/security/2011/dsa-2288
http://www.mandriva.com/security/advisories?name=MDVSA-2011:119
http://www.mega-nerd.com/libsndfile/ChangeLog
http://www.openwall.com/lists/oss-security/2011/07/14/1
http://www.openwall.com/lists/oss-security/2011/07/14/2
http://www.openwall.com/lists/oss-security/2011/07/14/3
http://www.openwall.com/lists/oss-security/2011/07/14/4
http://www.openwall.com/lists/oss-security/2011/07/15/1
http://www.openwall.com/lists/oss-security/2011/07/15/3
http://www.openwall.com/lists/oss-security/2011/07/15/4
http://www.openwall.com/lists/oss-security/2011/07/18/1
http://www.redhat.com/support/errata/RHSA-2011-1084.html
http://www.securelist.com/en/advisories/45125
http://www.securityfocus.com/bid/48644
http://www.ubuntu.com/usn/USN-1174-1
https://bugs.gentoo.org/show_bug.cgi?id=375125
https://bugzilla.redhat.com/show_bug.cgi?id=721234
https://hermes.opensuse.org/messages/10387521