CVE-2011-2696

EPSS 7.04%
Veröffentlicht 27.07.2011 02:55:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 27

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mega-nerd ≫ Libsndfile Version <= 1.0.24

Mega-nerd ≫ Libsndfile Version0.0.8

Mega-nerd ≫ Libsndfile Version0.0.28

Mega-nerd ≫ Libsndfile Version1.0.0

Mega-nerd ≫ Libsndfile Version1.0.0 Updaterc1

Mega-nerd ≫ Libsndfile Version1.0.0 Updaterc6

Mega-nerd ≫ Libsndfile Version1.0.1

Mega-nerd ≫ Libsndfile Version1.0.2

Mega-nerd ≫ Libsndfile Version1.0.3

Mega-nerd ≫ Libsndfile Version1.0.4

Mega-nerd ≫ Libsndfile Version1.0.5

Mega-nerd ≫ Libsndfile Version1.0.6

Mega-nerd ≫ Libsndfile Version1.0.7

Mega-nerd ≫ Libsndfile Version1.0.8

Mega-nerd ≫ Libsndfile Version1.0.9

Mega-nerd ≫ Libsndfile Version1.0.10

Mega-nerd ≫ Libsndfile Version1.0.11

Mega-nerd ≫ Libsndfile Version1.0.12

Mega-nerd ≫ Libsndfile Version1.0.13

Mega-nerd ≫ Libsndfile Version1.0.14

Mega-nerd ≫ Libsndfile Version1.0.15

Mega-nerd ≫ Libsndfile Version1.0.16

Mega-nerd ≫ Libsndfile Version1.0.17

Mega-nerd ≫ Libsndfile Version1.0.18

Mega-nerd ≫ Libsndfile Version1.0.19

Mega-nerd ≫ Libsndfile Version1.0.20

Mega-nerd ≫ Libsndfile Version1.0.21

Mega-nerd ≫ Libsndfile Version1.0.22

Mega-nerd ≫ Libsndfile Version1.0.23

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.04%	0.906

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062955.html

http://secunia.com/advisories/45125

Vendor Advisory

http://secunia.com/advisories/45351

Vendor Advisory

http://secunia.com/advisories/45384

http://secunia.com/advisories/45388

http://secunia.com/advisories/45433

http://www.debian.org/security/2011/dsa-2288

http://www.mandriva.com/security/advisories?name=MDVSA-2011:119

http://www.mega-nerd.com/libsndfile/ChangeLog

http://www.openwall.com/lists/oss-security/2011/07/14/1