CVE-2011-2696

Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
mega-nerdlibsndfile
𝑥
≤ 1.0.24
mega-nerdlibsndfile
0.0.8
mega-nerdlibsndfile
0.0.28
mega-nerdlibsndfile
1.0.0
mega-nerdlibsndfile
1.0.0:rc1
mega-nerdlibsndfile
1.0.0:rc6
mega-nerdlibsndfile
1.0.1
mega-nerdlibsndfile
1.0.2
mega-nerdlibsndfile
1.0.3
mega-nerdlibsndfile
1.0.4
mega-nerdlibsndfile
1.0.5
mega-nerdlibsndfile
1.0.6
mega-nerdlibsndfile
1.0.7
mega-nerdlibsndfile
1.0.8
mega-nerdlibsndfile
1.0.9
mega-nerdlibsndfile
1.0.10
mega-nerdlibsndfile
1.0.11
mega-nerdlibsndfile
1.0.12
mega-nerdlibsndfile
1.0.13
mega-nerdlibsndfile
1.0.14
mega-nerdlibsndfile
1.0.15
mega-nerdlibsndfile
1.0.16
mega-nerdlibsndfile
1.0.17
mega-nerdlibsndfile
1.0.18
mega-nerdlibsndfile
1.0.19
mega-nerdlibsndfile
1.0.20
mega-nerdlibsndfile
1.0.21
mega-nerdlibsndfile
1.0.22
mega-nerdlibsndfile
1.0.23
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libsndfile
bullseye
1.0.31-2
fixed
bookworm
1.2.0-1
fixed
sid
1.2.2-1
fixed
trixie
1.2.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libsndfile
natty
Fixed 1.0.23-1ubuntu0.1
released
maverick
Fixed 1.0.21-2ubuntu0.10.10.1
released
lucid
Fixed 1.0.21-2ubuntu0.10.04.1
released
hardy
ignored
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062955.html
http://secunia.com/advisories/45125
http://secunia.com/advisories/45351
http://secunia.com/advisories/45384
http://secunia.com/advisories/45388
http://secunia.com/advisories/45433
http://www.debian.org/security/2011/dsa-2288
http://www.mandriva.com/security/advisories?name=MDVSA-2011:119
http://www.mega-nerd.com/libsndfile/ChangeLog
http://www.openwall.com/lists/oss-security/2011/07/14/1
http://www.openwall.com/lists/oss-security/2011/07/14/2
http://www.openwall.com/lists/oss-security/2011/07/14/3
http://www.openwall.com/lists/oss-security/2011/07/14/4
http://www.openwall.com/lists/oss-security/2011/07/15/1
http://www.openwall.com/lists/oss-security/2011/07/15/3
http://www.openwall.com/lists/oss-security/2011/07/15/4
http://www.openwall.com/lists/oss-security/2011/07/18/1
http://www.redhat.com/support/errata/RHSA-2011-1084.html
http://www.securelist.com/en/advisories/45125
http://www.securityfocus.com/bid/48644
http://www.ubuntu.com/usn/USN-1174-1
https://bugs.gentoo.org/show_bug.cgi?id=375125
https://bugzilla.redhat.com/show_bug.cgi?id=721234
https://hermes.opensuse.org/messages/10387521
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062955.html
http://secunia.com/advisories/45125
http://secunia.com/advisories/45351
http://secunia.com/advisories/45384
http://secunia.com/advisories/45388
http://secunia.com/advisories/45433
http://www.debian.org/security/2011/dsa-2288
http://www.mandriva.com/security/advisories?name=MDVSA-2011:119
http://www.mega-nerd.com/libsndfile/ChangeLog
http://www.openwall.com/lists/oss-security/2011/07/14/1
http://www.openwall.com/lists/oss-security/2011/07/14/2
http://www.openwall.com/lists/oss-security/2011/07/14/3
http://www.openwall.com/lists/oss-security/2011/07/14/4
http://www.openwall.com/lists/oss-security/2011/07/15/1
http://www.openwall.com/lists/oss-security/2011/07/15/3
http://www.openwall.com/lists/oss-security/2011/07/15/4
http://www.openwall.com/lists/oss-security/2011/07/18/1
http://www.redhat.com/support/errata/RHSA-2011-1084.html
http://www.securelist.com/en/advisories/45125
http://www.securityfocus.com/bid/48644
http://www.ubuntu.com/usn/USN-1174-1
https://bugs.gentoo.org/show_bug.cgi?id=375125
https://bugzilla.redhat.com/show_bug.cgi?id=721234
https://hermes.opensuse.org/messages/10387521