CVE-2011-2696

Name of the Vulnerable Software and Affected Versions libsndfile versions prior to 1.0.25

Description The issue is related to multiple vulnerabilities in the libsndfile package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, an integer overflow in libsndfile before version 1.0.25 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PARIS Audio Format file that triggers a heap-based buffer overflow.

Recommendations For libsndfile versions prior to 1.0.25, update to version 1.0.25 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable package until a patch is available. Avoid using the libsndfile package to process untrusted audio files until the issue is resolved.