MidnightBSD

Advisories for mega-nerd

CVE-2009-4835 MEDIUM

The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
mega-nerd libsndfile 1.0.20
CVE-2011-2696 MEDIUM

Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mega-nerd libsndfile 1.0.2
mega-nerd libsndfile 1.0.5
mega-nerd libsndfile 1.0.1
mega-nerd libsndfile 1.0.10
mega-nerd libsndfile 1.0.16
mega-nerd libsndfile 1.0.7
mega-nerd libsndfile 1.0.19
mega-nerd libsndfile 1.0.8
mega-nerd libsndfile 1.0.13
mega-nerd libsndfile 1.0.11
mega-nerd libsndfile 1.0.12
mega-nerd libsndfile 1.0.3
mega-nerd libsndfile 1.0.0
mega-nerd libsndfile 1.0.23
mega-nerd libsndfile 1.0.17
mega-nerd libsndfile 0.0.28
mega-nerd libsndfile 1.0.4
mega-nerd libsndfile 1.0.14
mega-nerd libsndfile 1.0.20
mega-nerd libsndfile 1.0.21
mega-nerd libsndfile 1.0.15
mega-nerd libsndfile 1.0.22
mega-nerd libsndfile *
mega-nerd libsndfile 1.0.9
mega-nerd libsndfile 1.0.18
mega-nerd libsndfile 0.0.8
mega-nerd libsndfile 1.0.6
CVE-2015-7805 HIGH

Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mega-nerd libsndfile 1.0.25
opensuse opensuse 13.1
opensuse opensuse 13.2