CVE-2021-4156

Опубликовано: 13 апр. 2021

Источник: redhat

CVSS3: 7.1

EPSS Низкий

Описание

An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws.

Отчет

This flaw is out of support scope for libsndfile shipped with Red Hat Enterprise Linux 6 and 7.

Меры по смягчению последствий

One way to mitigate the risk of this flaw is to not open untrusted sound files using libsndfile or other linked programs.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	libsndfile	Out of support scope
Red Hat Enterprise Linux 7	libsndfile	Out of support scope
Red Hat Enterprise Linux 9	libsndfile	Not affected
Red Hat Enterprise Linux 8	libsndfile	Fixed	RHSA-2022:1968	10.05.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=2027690libsndfile: heap out-of-bounds read in src/flac.c in flac_buffer_copy

EPSS

Процентиль: 39%

0.00168

Низкий

7.1 High

CVSS3

Связанные уязвимости

CVE-2021-4156

CVSS3: 7.1

ubuntu

около 3 лет назад

CVE-2021-4156

CVSS3: 7.1

nvd

около 3 лет назад

CVE-2021-4156

CVSS3: 7.1

debian

около 3 лет назад

An out-of-bounds read flaw was found in libsndfile's FLAC codec functi ...

openSUSE-SU-2022:0052-2

suse-cvrf

больше 3 лет назад

Security update for libsndfile

openSUSE-SU-2022:0052-1

suse-cvrf

больше 3 лет назад

Security update for libsndfile

EPSS

Процентиль: 39%

0.00168

Низкий

7.1 High

CVSS3