Home

CVE-2021-4156

Description

An out-of-bounds read flaw was found in libsndfiles FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws.

Risk Information

Base Score
7.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
EPSS Score
Exploitation Probability
0.112

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2022:0034-1(SUSE Linux Enterprise Server 12-SP5 ) libsndfile-debugsource-1.0.25-36.26.1.x86_64.rpmLinux
SUSE-SU-2022:0034-1(SUSE Linux Enterprise Server 12-SP5 ) libsndfile1-1.0.25-36.26.1.x86_64.rpmLinux
SUSE-SU-2022:0034-1(SUSE Linux Enterprise Server 12-SP5 ) libsndfile1-32bit-1.0.25-36.26.1.x86_64.rpmLinux
SUSE-SU-2022:0034-1(SUSE Linux Enterprise Server 12-SP5 ) libsndfile1-debuginfo-1.0.25-36.26.1.x86_64.rpmLinux
SUSE-SU-2022:0034-1(SUSE Linux Enterprise Server 12-SP5 ) libsndfile1-debuginfo-32bit-1.0.25-36.26.1.x86_64.rpmLinux
(RHSA-2022:1968) libsndfile security update libsndfile-debugsource-1.0.28-12.el8.i686.rpmLinux
(RHSA-2022:1968) libsndfile security update libsndfile-debugsource-1.0.28-12.el8.x86_64.rpmLinux
libsndfile security update (RLSA-2022:1968) libsndfile-1.0.28-12.el8.i686.rpmLinux
libsndfile security update (RLSA-2022:1968) libsndfile-1.0.28-12.el8.x86_64.rpmLinux
(RHSA-2022:1968) libsndfile security update libsndfile-1.0.28-12.el8.i686.rpmLinux
(RHSA-2022:1968) libsndfile security update libsndfile-1.0.28-12.el8.x86_64.rpmLinux
(RHSA-2022:1968)Moderate: security update libsndfile-debuginfo-1.0.28-12.el8.i686.rpmLinux
(RHSA-2022:1968)Moderate: security update libsndfile-debuginfo-1.0.28-12.el8.x86_64.rpmLinux
(RHSA-2022:1968)Moderate: security update libsndfile-utils-debuginfo-1.0.28-12.el8.i686.rpmLinux
(RHSA-2022:1968)Moderate: security update libsndfile-utils-debuginfo-1.0.28-12.el8.x86_64.rpmLinux
Libsndfile update (ELSA-2022-1968) libsndfile-1.0.28-12.el8.i686.rpmLinux
Libsndfile update (ELSA-2022-1968) libsndfile-1.0.28-12.el8.x86_64.rpmLinux
Library for reading/writing audio files (USN-7273-1) libsndfile1_1.0.28-7ubuntu0.3_amd64.debLinux
Library for reading/writing audio files (USN-7273-1) libsndfile1_1.0.28-7ubuntu0.3_i386.debLinux
Library for reading/writing audio files (USN-7273-1) libsndfile1_1.0.31-2ubuntu0.2_amd64.debLinux
Library for reading/writing audio files (USN-7273-1) libsndfile1_1.0.31-2ubuntu0.2_i386.debLinux
Library for reading/writing audio files (USN-7273-1) sndfile-programs_1.0.28-7ubuntu0.3_amd64.debLinux
Library for reading/writing audio files (USN-7273-1) sndfile-programs_1.0.28-7ubuntu0.3_i386.debLinux
Library for reading/writing audio files (USN-7273-1) sndfile-programs_1.0.31-2ubuntu0.2_amd64.debLinux
Library for reading/writing audio files (USN-7273-1) sndfile-programs_1.0.31-2ubuntu0.2_i386.debLinux
libsndfile Security Update (ALAS2023-2023-028) libsndfile-1.0.31-6.amzn2023.0.2.x86_64.rpmLinux
libsndfile Security Update (ALAS2023-2023-028) libsndfile-devel-1.0.31-6.amzn2023.0.2.x86_64.rpmLinux
libsndfile Security Update (ALAS2023-2023-028) libsndfile-utils-1.0.31-6.amzn2023.0.2.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234