Test ID: | 1.3.6.1.4.1.25623.1.0.890928 |
Category: | Debian Local Security Checks |
Title: | Debian LTS: Security Advisory for libsndfile (DLA-928-1) |
Summary: | Multiple vulnerabilities were found in libsndfile, a popular library for reading/writing audio files.

CVE-2017-7585: In libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.

CVE-2017-7586: In libsndfile before 1.0.28, an error in the 'header_read()' function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.

CVE-2017-7741: In libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.

CVE-2017-7742: In libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.

CVE-2014-9496: The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.

CVE-2014-9756: The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.

CVE-2015-7805: Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file. |
Description: | Summary: Multiple vulnerabilities were found in libsndfile, a popular library for reading/writing audio files.

CVE-2017-7585: In libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.

CVE-2017-7586: In libsndfile before 1.0.28, an error in the 'header_read()' function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.

CVE-2017-7741: In libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.

CVE-2017-7742: In libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.

CVE-2014-9496: The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.

CVE-2014-9756: The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.

CVE-2015-7805: Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.

Affected Software/OS: libsndfile on Debian Linux

Solution: For Debian 7 'Wheezy', these problems have been fixed in version 1.0.25-9.1+deb7u1. We recommend that you upgrade your libsndfile packages.

CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
Cross-reference: |

Common Vulnerability Exposure (CVE) ID: CVE-2014-9496
BugTraq ID: 71796
http://www.securityfocus.com/bid/71796
Bugtraq: 20190411 [SECURITY] [DSA 4430-1] wpa security update
https://seclists.org/bugtraq/2019/Apr/23
https://security.gentoo.org/glsa/201612-03
http://www.mandriva.com/security/advisories?name=MDVSA-2015:024
http://www.openwall.com/lists/oss-security/2015/01/04/4
http://secunia.com/advisories/62320
SuSE Security Announcement: openSUSE-SU-2015:0041
http://lists.opensuse.org/opensuse-updates/2015-01/msg00016.html
http://www.ubuntu.com/usn/USN-2832-1

Common Vulnerability Exposure (CVE) ID: CVE-2014-9756
http://www.openwall.com/lists/oss-security/2014/12/24/3
http://www.openwall.com/lists/oss-security/2015/11/03/9
SuSE Security Announcement: openSUSE-SU-2015:1995
http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html
SuSE Security Announcement: openSUSE-SU-2015:2119
http://lists.opensuse.org/opensuse-updates/2015-11/msg00145.html

Common Vulnerability Exposure (CVE) ID: CVE-2015-7805
BugTraq ID: 77427
http://www.securityfocus.com/bid/77427
https://www.exploit-db.com/exploits/38447/
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172607.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172593.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171466.html
http://packetstormsecurity.com/files/133926/libsndfile-1.0.25-Heap-Overflow.html
http://www.nemux.org/2015/10/13/libsndfile-1-0-25-heap-overflow/
http://www.openwall.com/lists/oss-security/2015/11/03/3
http://www.openwall.com/lists/oss-security/2015/11/03/7

Common Vulnerability Exposure (CVE) ID: CVE-2017-7585
https://security.gentoo.org/glsa/201707-04
https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/

Common Vulnerability Exposure (CVE) ID: CVE-2017-7586
BugTraq ID: 97522
http://www.securityfocus.com/bid/97522

Common Vulnerability Exposure (CVE) ID: CVE-2017-7741
https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/
https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0

Common Vulnerability Exposure (CVE) ID: CVE-2017-7742 |
Copyright | Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net |