Description
Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_init() function within the mpeg_l3_encode.c file.
A flaw was found in the libsndfile library. This issue occurs when encoding MP3 files. During initialization, when an unsupported sample rate is detected, encoding resources are not released within the error-handling path due to an incomplete initialization, impacting system performance and resulting in a denial of service.
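The leak pattern described above (resources allocated, then an unsupported sample rate rejected on a path that returns without releasing them), shown next to a hardened form. This is an added, constructed model and not libsndfile source; the `encoder_t` struct, the function names, the buffer sizes and the accepted-rate list are all assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of the bug class; none of this is libsndfile source. */
static long live_allocs;                       /* allocations not yet freed */
static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

typedef struct { void *codec; float *frames; } encoder_t;   /* hypothetical state */
/* Assumed set of accepted rates, chosen only for the demonstration. */
static int rate_supported(int hz) { return hz == 32000 || hz == 44100 || hz == 48000; }

static void encoder_close(encoder_t *e)
{
    if (e) { xfree(e->frames); xfree(e->codec); xfree(e); }
}

/* Leaky shape: the rate check fails after allocation and returns directly. */
static encoder_t *encoder_init_leaky(int hz)
{
    encoder_t *e = xalloc(sizeof *e);
    if (!e) return NULL;
    e->codec = xalloc(4096);
    if (!e->codec || !rate_supported(hz)) return NULL;   /* e and codec are lost */
    e->frames = xalloc(1152 * sizeof(float));
    return e;
}

/* Hardened shape: every failure releases the partial state before returning. */
static encoder_t *encoder_init_fixed(int hz)
{
    encoder_t *e = xalloc(sizeof *e);
    if (!e) return NULL;
    e->codec = xalloc(4096);
    if (!e->codec || !rate_supported(hz) ||
        !(e->frames = xalloc(1152 * sizeof(float)))) { encoder_close(e); return NULL; }
    return e;
}

/* Allocations left behind after `attempts` init calls (successes are closed). */
static long leaked_after(encoder_t *(*init)(int), int hz, int attempts)
{
    long before = live_allocs;
    for (int i = 0; i < attempts; i++) encoder_close(init(hz));
    return live_allocs - before;
}

int main(void)
{
    printf("leaky=%ld fixed=%ld\n", leaked_after(encoder_init_leaky, 12345, 1000),
           leaked_after(encoder_init_fixed, 12345, 1000));
    return 0;
}
```

Counting outstanding allocations around repeated failed initializations, as `leaked_after` does, is also a simple regression check to run against an error path after patching it.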
Report
To exploit this flaw, an attacker needs to be able to process a malicious MP3 file with an application linked to the libsndfile library. Also, the only security impact of this issue is a high consumption of system memory that can eventually cause an application crash and result in a denial of service; there is no memory corruption or arbitrary code execution. For these reasons, this vulnerability has been rated with a moderate severity.
Mitigation
Do not process untrusted MP3 files with the libsndfile library.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libsndfile | Fix deferred | | |
| Red Hat Enterprise Linux 6 | libsndfile | Out of support scope | | |
| Red Hat Enterprise Linux 7 | libsndfile | Not affected | | |
| Red Hat Enterprise Linux 8 | libsndfile | Not affected | | |
| Red Hat Enterprise Linux 9 | libsndfile | Not affected | | |
Additional information
CVSS3: 5.3 Medium