CVE-2011-2696 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 92%

Affected Products (NVD)

Vendor	Product	Version
mega-nerd	libsndfile	𝑥 ≤ 1.0.24
mega-nerd	libsndfile	0.0.8
mega-nerd	libsndfile	0.0.28
mega-nerd	libsndfile	1.0.0
mega-nerd	libsndfile	1.0.0:rc1
mega-nerd	libsndfile	1.0.0:rc6
mega-nerd	libsndfile	1.0.1
mega-nerd	libsndfile	1.0.2
mega-nerd	libsndfile	1.0.3
mega-nerd	libsndfile	1.0.4
mega-nerd	libsndfile	1.0.5
mega-nerd	libsndfile	1.0.6
mega-nerd	libsndfile	1.0.7
mega-nerd	libsndfile	1.0.8
mega-nerd	libsndfile	1.0.9
mega-nerd	libsndfile	1.0.10
mega-nerd	libsndfile	1.0.11
mega-nerd	libsndfile	1.0.12
mega-nerd	libsndfile	1.0.13
mega-nerd	libsndfile	1.0.14
mega-nerd	libsndfile	1.0.15
mega-nerd	libsndfile	1.0.16
mega-nerd	libsndfile	1.0.17
mega-nerd	libsndfile	1.0.18
mega-nerd	libsndfile	1.0.19
mega-nerd	libsndfile	1.0.20
mega-nerd	libsndfile	1.0.21
mega-nerd	libsndfile	1.0.22
mega-nerd	libsndfile	1.0.23

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libsndfile

bookworm	1.2.0-1 fixed
bullseye	1.0.31-2 fixed
sid	1.2.2-1 fixed
trixie	1.2.2-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

libsndfile

hardy	ignored
lucid	Fixed 1.0.21-2ubuntu0.10.04.1 released
maverick	Fixed 1.0.21-2ubuntu0.10.10.1 released
natty	Fixed 1.0.23-1ubuntu0.1 released

openSUSE / SLES Releases

openSUSE Product

Release

libsndfile-devel

suse enterprise desktop 15	1.0.28-3.24 fixed
suse enterprise desktop 15 SP1	1.0.28-5.5.1 fixed
suse enterprise desktop 15 SP2	1.0.28-5.5.1 fixed
suse enterprise desktop 15 SP3	1.0.28-5.5.1 fixed
suse enterprise sap 15	1.0.28-3.24 fixed
suse enterprise sap 15 SP1	1.0.28-5.5.1 fixed
suse enterprise sap 15 SP2	1.0.28-5.5.1 fixed
suse enterprise sap 15 SP3	1.0.28-5.5.1 fixed
suse enterprise server 15	1.0.28-3.24 fixed
suse enterprise server 15 SP1	1.0.28-5.5.1 fixed
suse enterprise server 15 SP2	1.0.28-5.5.1 fixed
suse enterprise server 15 SP3	1.0.28-5.5.1 fixed

libsndfile1

suse enterprise desktop 15	1.0.28-3.24 fixed
suse enterprise desktop 15 SP1	1.0.28-5.5.1 fixed
suse enterprise desktop 15 SP2	1.0.28-5.5.1 fixed
suse enterprise desktop 15 SP3	1.0.28-5.5.1 fixed
suse enterprise sap 12 SP5	1.0.25-36.16.1 fixed
suse enterprise sap 15	1.0.28-3.24 fixed
suse enterprise sap 15 SP1	1.0.28-5.5.1 fixed
suse enterprise sap 15 SP2	1.0.28-5.5.1 fixed
suse enterprise sap 15 SP3	1.0.28-5.5.1 fixed
suse enterprise server 12 SP4	1.0.25-36.16.1 fixed
suse enterprise server 12 SP5	1.0.25-36.16.1 fixed
suse enterprise server 15	1.0.28-3.24 fixed
suse enterprise server 15 SP1	1.0.28-5.5.1 fixed
suse enterprise server 15 SP2	1.0.28-5.5.1 fixed
suse enterprise server 15 SP3	1.0.28-5.5.1 fixed

libsndfile1-32bit

suse enterprise sap 12 SP5	1.0.25-36.16.1 fixed
suse enterprise server 12 SP4	1.0.25-36.16.1 fixed
suse enterprise server 12 SP5	1.0.25-36.16.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

libsndfile

RHEL 6

0:1.0.20-3.el6_1.1

fixed

libsndfile-devel

RHEL 6

0:1.0.20-3.el6_1.1

fixed

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062955.html

http://secunia.com/advisories/45125

http://secunia.com/advisories/45351

http://secunia.com/advisories/45384

http://secunia.com/advisories/45388

http://secunia.com/advisories/45433

http://www.debian.org/security/2011/dsa-2288

http://www.mandriva.com/security/advisories?name=MDVSA-2011:119

http://www.mega-nerd.com/libsndfile/ChangeLog

http://www.openwall.com/lists/oss-security/2011/07/14/1

http://www.openwall.com/lists/oss-security/2011/07/14/2

http://www.openwall.com/lists/oss-security/2011/07/14/3

http://www.openwall.com/lists/oss-security/2011/07/14/4

http://www.openwall.com/lists/oss-security/2011/07/15/1

http://www.openwall.com/lists/oss-security/2011/07/15/3

http://www.openwall.com/lists/oss-security/2011/07/15/4

http://www.openwall.com/lists/oss-security/2011/07/18/1

http://www.redhat.com/support/errata/RHSA-2011-1084.html

http://www.securelist.com/en/advisories/45125

http://www.securityfocus.com/bid/48644

http://www.ubuntu.com/usn/USN-1174-1

https://bugs.gentoo.org/show_bug.cgi?id=375125

https://bugzilla.redhat.com/show_bug.cgi?id=721234

https://hermes.opensuse.org/messages/10387521

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062955.html

http://secunia.com/advisories/45125

http://secunia.com/advisories/45351

http://secunia.com/advisories/45384

http://secunia.com/advisories/45388

http://secunia.com/advisories/45433

http://www.debian.org/security/2011/dsa-2288

http://www.mandriva.com/security/advisories?name=MDVSA-2011:119

http://www.mega-nerd.com/libsndfile/ChangeLog

http://www.openwall.com/lists/oss-security/2011/07/14/1

http://www.openwall.com/lists/oss-security/2011/07/14/2

http://www.openwall.com/lists/oss-security/2011/07/14/3

http://www.openwall.com/lists/oss-security/2011/07/14/4

http://www.openwall.com/lists/oss-security/2011/07/15/1

http://www.openwall.com/lists/oss-security/2011/07/15/3

http://www.openwall.com/lists/oss-security/2011/07/15/4

http://www.openwall.com/lists/oss-security/2011/07/18/1

http://www.redhat.com/support/errata/RHSA-2011-1084.html

http://www.securelist.com/en/advisories/45125

http://www.securityfocus.com/bid/48644

http://www.ubuntu.com/usn/USN-1174-1

https://bugs.gentoo.org/show_bug.cgi?id=375125

https://bugzilla.redhat.com/show_bug.cgi?id=721234

https://hermes.opensuse.org/messages/10387521