CVE-2014-9496

EPSS 0.12%

libsndfile - security update

Published: 1/16/2015Modified: 4/28/2026

Also known as:DEBIAN-CVE-2014-9496

Description

The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.

Affected packages (3)

Debian/libsndfilefrom 0, < 1.0.25-9.1
Debian/libsndfilefrom 0, < 1.0.21-3+squeeze2
Debian/libsndfilefrom 0, < 1.0.25-9.1+deb7u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-9496