CVE-2014-9496
Summary
| CVE | CVE-2014-9496 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-01-16 16:59:16 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. |
Risk And Classification
Primary CVSS: v2.0 2.1 from [email protected]
AV:L/AC:L/Au:N/C:N/I:N/A:P
Problem Types: NVD-CWE-noinfo | n/a
CVSS v2.0 Breakdown
Access Vector
LocalAccess Complexity
LowAuthentication
NoneConfidentiality
NoneIntegrity
NoneAvailability
PartialAV:L/AC:L/Au:N/C:N/I:N/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Application | Libsndfile Project | Libsndfile | All | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.2 | All | All | All |
| Operating System | Oracle | Solaris | 11.2 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Advisory SA62320 - SUSE update for libsndfile - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Support / Security / Advisories / / MDVSA-2015:024 | Mandriva | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | Third Party Advisory |
| USN-2832-1: libsndfile vulnerabilities | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | Third Party Advisory |
| Oracle Bulletin Board Update - January 2015 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Third Party Advisory |
| libsndfile 'src/sd2.c' Multiple Buffer Overflow Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Mageia Advisory: MGASA-2015-0015 - Updated libsndfile packages fix CVE-2014-9496 | af854a3a-2127-422b-91ae-364da2661108 | advisories.mageia.org | Third Party Advisory |
| src/sd2.c : Fix two potential buffer read overflows. · dbe14f0 · erikd/libsndfile · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch, Third Party Advisory |
| Bugtraq: [SECURITY] [DSA 4430-1] wpa security update | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory |
| openSUSE-SU-2015:0041-1: moderate: Security update for libsndfile | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| libsndfile: Multiple vulnerabilities (GLSA 201612-03) — Gentoo security | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | Third Party Advisory |
| oss-security - Re: Re: CVE Request: libsndfile buffer overread | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Patch, Third Party Advisory |
| sd2.c: 2 buffer overruns · Issue #93 · erikd/libsndfile · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 671077 EulerOS Security Update for libsndfile (EulerOS-SA-2019-2513)