CVE-2022-33065

Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Affected Products (NVD)
VendorProductVersion
libsndfile_projectlibsndfile
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libsndfile
bookworm
no-dsa
bullseye
no-dsa
buster
no-dsa
sid
vulnerable
trixie
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libsndfile
bionic
Fixed 1.0.28-4ubuntu0.18.04.2+esm1
released
focal
Fixed 1.0.28-7ubuntu0.2
released
jammy
Fixed 1.0.31-2ubuntu0.1
released
kinetic
ignored
lunar
Fixed 1.2.0-1ubuntu0.1
released
mantic
Fixed 1.2.2-1ubuntu0.23.10.1
released
trusty
Fixed 1.0.25-7ubuntu2.2+esm3
released
xenial
Fixed 1.0.25-10ubuntu0.16.04.3+esm3
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libsndfile-devel
suse enterprise desktop 15 SP4
1.0.28-150000.5.20.1
fixed
suse enterprise desktop 15 SP5
1.0.28-150000.5.20.1
fixed
suse enterprise desktop 15 SP6
1.0.28-150000.5.20.1
fixed
suse enterprise desktop 15 SP7
1.0.28-150000.5.20.1
fixed
suse enterprise sap 15 SP2
1.0.28-150000.5.20.1
fixed
suse enterprise sap 15 SP3
1.0.28-150000.5.20.1
fixed
suse enterprise sap 15 SP4
1.0.28-150000.5.20.1
fixed
suse enterprise sap 15 SP5
1.0.28-150000.5.20.1
fixed
suse enterprise sap 15 SP6
1.0.28-150000.5.20.1
fixed
suse enterprise sap 15 SP7
1.0.28-150000.5.20.1
fixed
suse enterprise server 15 SP1
1.0.28-150000.5.20.1
fixed
suse enterprise server 15 SP2
1.0.28-150000.5.20.1
fixed
suse enterprise server 15 SP3
1.0.28-150000.5.20.1
fixed
suse enterprise server 15 SP4
1.0.28-150000.5.20.1
fixed
suse enterprise server 15 SP5
1.0.28-150000.5.20.1
fixed
suse enterprise server 15 SP6
1.0.28-150000.5.20.1
fixed
suse enterprise server 15 SP7
1.0.28-150000.5.20.1
fixed
libsndfile1
suse enterprise desktop 15 SP4
1.0.28-150000.5.20.1
fixed
suse enterprise desktop 15 SP5
1.0.28-150000.5.20.1
fixed
suse enterprise desktop 15 SP6
1.0.28-150000.5.20.1
fixed
suse enterprise desktop 15 SP7
1.0.28-150000.5.20.1
fixed
suse enterprise sap 12 SP5
1.0.25-36.29.1
fixed
suse enterprise sap 15 SP2
1.0.28-150000.5.20.1
fixed
suse enterprise sap 15 SP3
1.0.28-150000.5.20.1
fixed
suse enterprise sap 15 SP4
1.0.28-150000.5.20.1
fixed
suse enterprise sap 15 SP5
1.0.28-150000.5.20.1
fixed
suse enterprise sap 15 SP6
1.0.28-150000.5.20.1
fixed
suse enterprise sap 15 SP7
1.0.28-150000.5.20.1
fixed
suse enterprise server 12 SP3
1.0.25-36.29.1
fixed
suse enterprise server 12 SP5
1.0.25-36.29.1
fixed
suse enterprise server 15 SP1
1.0.28-150000.5.20.1
fixed
suse enterprise server 15 SP2
1.0.28-150000.5.20.1
fixed
suse enterprise server 15 SP3
1.0.28-150000.5.20.1
fixed
suse enterprise server 15 SP4
1.0.28-150000.5.20.1
fixed
suse enterprise server 15 SP5
1.0.28-150000.5.20.1
fixed
suse enterprise server 15 SP6
1.0.28-150000.5.20.1
fixed
suse enterprise server 15 SP7
1.0.28-150000.5.20.1
fixed
libsndfile1-32bit
suse enterprise sap 12 SP5
1.0.25-36.29.1
fixed
suse enterprise server 12 SP3
1.0.25-36.29.1
fixed
suse enterprise server 12 SP5
1.0.25-36.29.1
fixed
suse enterprise server 15 SP1
1.0.28-150000.5.20.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libsndfile
RHEL 8
0:1.0.28-14.el8
fixed
RHEL 9
0:1.0.31-8.el9
fixed
libsndfile-devel
RHEL 8
0:1.0.28-14.el8
fixed
RHEL 9
0:1.0.31-8.el9
fixed
libsndfile-utils
RHEL 8
0:1.0.28-14.el8
fixed
RHEL 9
0:1.0.31-8.el9
fixed
Common Weakness Enumeration
References
https://github.com/libsndfile/libsndfile/issues/789
https://github.com/libsndfile/libsndfile/issues/833
https://github.com/libsndfile/libsndfile/issues/789
https://github.com/libsndfile/libsndfile/issues/833