CVE-2014-9496

low

Description

The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.

References

http://advisories.mageia.org/MGASA-2015-0015.html

http://lists.opensuse.org/opensuse-updates/2015-01/msg00016.html

http://secunia.com/advisories/62320

http://www.mandriva.com/security/advisories?name=MDVSA-2015:024

http://www.openwall.com/lists/oss-security/2015/01/04/4

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.securityfocus.com/bid/71796

http://www.ubuntu.com/usn/USN-2832-1

https://github.com/erikd/libsndfile/commit/dbe14f00030af5d3577f4cabbf9861db59e9c378

https://github.com/erikd/libsndfile/issues/93

https://seclists.org/bugtraq/2019/Apr/23

https://security.gentoo.org/glsa/201612-03

Details

Source: MITRE

Published: 2015-01-16

Updated: 2020-11-20

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Tenable Plugins

ID | Name | Product | Family | Severity
131666 | EulerOS 2.0 SP2 : libsndfile (EulerOS-SA-2019-2513) | Nessus | Huawei Local Security Checks | critical
130670 | EulerOS 2.0 SP5 : libsndfile (EulerOS-SA-2019-2208) | Nessus | Huawei Local Security Checks | high
129230 | EulerOS 2.0 SP3 : libsndfile (EulerOS-SA-2019-2037) | Nessus | Huawei Local Security Checks | low
95518 | GLSA-201612-03 : libsndfile: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical
88626 | Slackware 13.37 / 14.0 / 14.1 / current : libsndfile (SSA:2016-039-02) | Nessus | Slackware Local Security Checks | critical
87239 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : libsndfile vulnerabilities (USN-2832-1) | Nessus | Ubuntu Local Security Checks | critical
87111 | Debian DLA-356-1 : libsndfile security update | Nessus | Debian Local Security Checks | critical
82402 | Mandriva Linux Security Advisory : libsndfile (MDVSA-2015:149) | Nessus | Mandriva Local Security Checks | critical
81078 | SuSE 11.3 Security Update : libsndfile (SAT Patch Number 10221) | Nessus | SuSE Local Security Checks | critical
80561 | Mandriva Linux Security Advisory : libsndfile (MDVSA-2015:024) | Nessus | Mandriva Local Security Checks | critical
80543 | openSUSE Security Update : libsndfile (openSUSE-SU-2015:0041-1) | Nessus | SuSE Local Security Checks | critical