Fluid Attacks Database

Description

The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	libsndfile	>=0 <1.0.25-9.1	1.0.25-9.1
debian 12	libsndfile	>=0 <1.0.25-9.1	1.0.25-9.1
debian 13	libsndfile	>=0 <1.0.25-9.1	1.0.25-9.1
debian 14	libsndfile	>=0 <1.0.25-9.1	1.0.25-9.1
rpm rhel7	libsndfile	-	-
rpm rhel6	libsndfile	-	-

Aliases

1. CVE-2014-94962. NVD-2014-94963. OSV-DEBIAN-2014-94964. OSV-2014-94965. SECURITY-TRACKER-CVE-2014-9496

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.