PT-2022-4810 · Unknown+10 · Libsndfile+10

Yuawn

Published

2022-01-05

Updated

2025-12-11

CVE-2021-4156

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libsndfile (affected versions not specified)

Description An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. This issue could be triggered by an attacker submitting a specially crafted file to an application linked with libsndfile and using the FLAC codec, potentially causing a crash or leaking memory information that could be used in further exploitation of other flaws. The vulnerability may allow a remote attacker to gain unauthorized access to protected information and cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2022:1968

BDU:2022-05796

CESA-2022_1968

CVE-2021-4156

DLA-3058-1

DLA-3126-1

DLA-4402-1

OESA-2022-1680

OPENSUSE-SU-2022:0052-1

OPENSUSE-SU-2022_0052-1

OPENSUSE-SU-2022_0052-2

OPENSUSE-SU-2024:11705-1

RHSA-2022:1968

RHSA-2022_1968

RLSA-2022:1968

SUSE-SU-2022:0034-1

SUSE-SU-2022:0052-1

SUSE-SU-2022:0052-2

SUSE-SU-2022:14872-1

SUSE-SU-2022_0034-1

SUSE-SU-2022_0052-1

SUSE-SU-2022_14872-1

USN-5409-1

USN-7273-1

Affected Products

Almalinux

Astra Linux

Centos

Debian

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

Libsndfile

PT-2022-4810 · Unknown+10 · Libsndfile+10

CVE-2021-4156

Weakness Enumeration

Related Identifiers

Affected Products

References · 60