2.1

CVE-2014-9496

Exploit
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Libsndfile ProjectLibsndfile Version < 1.0.26
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version15.04
CanonicalUbuntu Linux Version15.10
OracleSolaris Version11.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.58% 0.437
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
Third Party Advisory
http://advisories.mageia.org/MGASA-2015-0015.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-01/msg00016.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/62320
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:024
Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/01/04/4
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/71796
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2832-1
Third Party Advisory
https://github.com/erikd/libsndfile/commit/dbe14f00030af5d3577f4cabbf9861db59e9c378
Patch
Third Party Advisory
https://github.com/erikd/libsndfile/issues/93
Third Party Advisory
Exploit
https://seclists.org/bugtraq/2019/Apr/23
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/201612-03
Third Party Advisory