libsndfile_project 漏洞与 CVE 列表(32)

产品(CPE): — CVE 数: 32

libsndfile_project 漏洞概览

汇总 libsndfile_project 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

常见弱点模式包括 缓冲区溢出与内存损坏,在 生产负载与软件部署 使用场景中可能带来 应用崩溃与内存损坏 等风险。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 12032 CVE 数
«« 第一页 « 上一页 第 1 / 2 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2026-37555 An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with (sf_count_t) cast, but the WAV code path (line 235) and close path (line 167) were not. When samplesperblock (int) * blocks (int) exceeds INT_MAX, the 32-bit multiplication overflows before being assigned to sf.frames (sf_count_t/int64). With samplesperblock=50000 and blocks=50000, the product 2500000000 overflows to -1794967296. This causes incorrect frame count leading to heap buffer overf [email protected] 7.5 0.50% 2026-04-29 2026-06-29
CVE-2025-56226 Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_init() function within the mpeg_l3_encode.c file. [email protected] 5.3 0.31% 2026-01-14 2026-06-17
CVE-2025-52194 A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential code execution. [email protected] 7.5 0.58% 2025-08-21 2026-06-17
CVE-2024-50613 libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close. [email protected] 6.5 0.51% 2024-10-27 2026-06-17
CVE-2024-50612 libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read. [email protected] 5.5 0.31% 2024-10-27 2026-06-17
CVE-2022-33065 Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts. [email protected] 7.8 0.37% 2023-07-18 2026-06-17
CVE-2022-33064 An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts. [email protected] 7.8 0.31% 2023-07-18 2026-06-17
CVE-2021-4156 An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. [email protected] 7.1 1.75% 2022-03-23 2026-06-17
CVE-2021-3246 A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. [email protected] 8.8 3.30% 2021-07-20 2026-06-17
CVE-2019-3832 It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash. [email protected] 5.5 0.51% 2019-03-21 2026-06-16
CVE-2018-19758 There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. [email protected] 6.5 1.69% 2018-11-29 2026-06-16
CVE-2018-19662 An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service. [email protected] 8.1 2.32% 2018-11-29 2026-06-16
CVE-2018-19661 An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service. [email protected] 6.5 2.11% 2018-11-29 2026-06-16
CVE-2018-19432 An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. [email protected] 6.5 2.96% 2018-11-22 2026-06-16
CVE-2018-13419 An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue [email protected] 6.5 1.27% 2018-07-07 2026-06-16
CVE-2018-13139 A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave. [email protected] 8.8 3.57% 2018-07-04 2026-06-16
CVE-2017-16942 In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file. [email protected] 6.5 1.23% 2017-11-25 2026-06-16
CVE-2017-14246 An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. [email protected] 8.1 2.23% 2017-09-21 2026-06-16
CVE-2017-14245 An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. [email protected] 8.1 2.04% 2017-09-21 2026-06-16
CVE-2017-14634 In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. [email protected] 6.5 2.08% 2017-09-21 2026-06-16
«« 第一页 « 上一页 第 1 / 2 页 下一页 »
cvelogic Threat Intelligence