Fluid Attacks Database

Description

An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	libsndfile	>=0 <1.1.0-1	1.1.0-1
debian 13	libsndfile	>=0 <1.1.0-1	1.1.0-1
debian 11	libsndfile	=1.0.31-2 \|\| =1.0.31-2+deb11u1 \|\| >=0 <1.0.31-2+deb11u2	1.0.31-2+deb11u2
debian 14	libsndfile	>=0 <1.1.0-1	1.1.0-1
rpm rhel6	libsndfile	-	-
rpm rhel8	libsndfile	<0:1.0.28-12.el8	0:1.0.28-12.el8
rpm rhel7	libsndfile	-	-

Aliases

1. CVE-2021-41562. NVD-2021-41563. OSV-DEBIAN-2021-41564. OSV-2021-41565. SECURITY-TRACKER-CVE-2021-4156

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.