Debian LTS: DLA-3058-1: libsndfile security update

Advisories

What Are You Looking For?

Popular Tags

Contribute

Advisories This Week: 246


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3058-1                [email protected]
https://www.debian.org/lts/security/                    Thorsten Alteholz
June 26, 2022                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libsndfile
Version        : 1.0.27-3+deb9u3
CVE ID         : CVE-2017-12562 CVE-2021-4156


Two issues have been found in libsndfile, a library for reading/writing
audio files.

CVE-2017-12562

    Due to a possible heap buffer overflow attack in an attacker could
    cause a remote denial of service attack by tricking the function into
    outputting a largeamount of data.

CVE-2021-4156

    Using a crafted FLAC file, an attacker could trigger an out-of-bounds
    read that would most likely cause a crash but could potentially leak
    memory information.


For Debian 9 stretch, these problems have been fixed in version
1.0.27-3+deb9u3.

We recommend that you upgrade your libsndfile packages.

For the detailed security status of libsndfile please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libsndfile

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-3058-1: libsndfile security update

June 28, 2022
Two issues have been found in libsndfile, a library for reading/writing audio files

Summary

Two issues have been found in libsndfile, a library for reading/writing
audio files.

CVE-2017-12562

Due to a possible heap buffer overflow attack in an attacker could
cause a remote denial of service attack by tricking the function into
outputting a largeamount of data.

CVE-2021-4156

Using a crafted FLAC file, an attacker could trigger an out-of-bounds
read that would most likely cause a crash but could potentially leak
memory information.


For Debian 9 stretch, these problems have been fixed in version
1.0.27-3+deb9u3.

We recommend that you upgrade your libsndfile packages.

For the detailed security status of libsndfile please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libsndfile

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



Severity
Package : libsndfile
Version : 1.0.27-3+deb9u3
CVE ID : CVE-2017-12562 CVE-2021-4156

News

Advisories

HOWTOs

Features

Benefits & Drawbacks of Using a VPN on Linux
How a WAF Could Improve the Security of Your Linux Web Applications
Installing SurfShark VPN On Kali Linux: The Authoritative Guide
Best Practices for PHP Security
9 Wise Linux Cybersecurity Tips for Businesses

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy