PT-2021-3666 · Unknown+9 · Libsndfile+9

Andrea Fioraldi · Published 2021-01-15 · Updated 2024-06-15 · CVE-2021-3246

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: libsndfile version 1.0.30

Description: The issue is caused by a heap buffer overflow in the msadpcm decode block function of the libsndfile library. This can be exploited by a remote attacker using a specially crafted WAV file, potentially allowing the execution of arbitrary code.

Recommendations: For libsndfile version 1.0.30, consider updating to a newer version that addresses the heap buffer overflow vulnerability in the msadpcm decode block function. As a temporary workaround, restrict the use of the msadpcm decode block function when processing untrusted WAV files to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2021:3253
ALT-PU-2021-1825
BDU:2021-03899
CESA-2021_3253
CESA-2021_3295
CVE-2021-3246
DLA-2722-1
DSA-4947-1
MGASA-2021-0392
OESA-2021-1354
OPENSUSE-SU-2021:1166-1
OPENSUSE-SU-2021:2764-1
OPENSUSE-SU-2021_1166-1
OPENSUSE-SU-2021_2764-1
OPENSUSE-SU-2024:10992-1
RHSA-2021:3253
RHSA-2021:3295
RHSA-2021:3297
RHSA-2021:3298
RHSA-2021_3253
RHSA-2021_3295
RLSA-2021:3253
SUSE-SU-2021:14769-1
SUSE-SU-2021:2615-1
SUSE-SU-2021:2764-1
SUSE-SU-2021_14769-1
USN-5025-1
USN-5025-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu
libsndfile