CVE-2014-9496

Publication date 16 January 2015

Last updated 24 July 2024

Description

The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libsndfile	15.10 wily	Not affected
	15.04 vivid	Not affected
	14.10 utopic	Ignored end of life
	14.04 LTS trusty	Fixed 1.0.25-7ubuntu2.1
	12.04 LTS precise	Fixed 1.0.25-4ubuntu0.1
	10.04 LTS lucid	Ignored end of life

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libsndfile	Upstream: dbe14f0

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2832-1
libsndfile vulnerabilities
7 December 2015

Other references

https://www.cve.org/CVERecord?id=CVE-2014-9496