Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2696

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2011-2696
Last Modified 05 Oct 2011 10:50:25
Published 26 Jul 2011 10:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2696

Summary

Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow.

Vulnerable Systems

Application

  • Mega-nerd Libsndfile 0.0.28

  • Mega-nerd Libsndfile 0.0.8

  • Mega-nerd Libsndfile 1.0.0

  • Mega-nerd Libsndfile 1.0.1

  • Mega-nerd Libsndfile 1.0.10

  • Mega-nerd Libsndfile 1.0.11

  • Mega-nerd Libsndfile 1.0.12

  • Mega-nerd Libsndfile 1.0.13

  • Mega-nerd Libsndfile 1.0.14

  • Mega-nerd Libsndfile 1.0.15

  • Mega-nerd Libsndfile 1.0.16

  • Mega-nerd Libsndfile 1.0.17

  • Mega-nerd Libsndfile 1.0.18

  • Mega-nerd Libsndfile 1.0.19

  • Mega-nerd Libsndfile 1.0.2

  • Mega-nerd Libsndfile 1.0.20

  • Mega-nerd Libsndfile 1.0.21

  • Mega-nerd Libsndfile 1.0.22

  • Mega-nerd Libsndfile 1.0.23

  • Mega-nerd Libsndfile 1.0.24

  • Mega-nerd Libsndfile 1.0.3

  • Mega-nerd Libsndfile 1.0.4

  • Mega-nerd Libsndfile 1.0.5

  • Mega-nerd Libsndfile 1.0.6

  • Mega-nerd Libsndfile 1.0.7

  • Mega-nerd Libsndfile 1.0.8

  • Mega-nerd Libsndfile 1.0.9


References

SUSE - openSUSE-SU-2011:0855

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=721234

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=375125

UBUNTU - USN-1174-1

BID - 48644

MISC - http://www.securelist.com/en/advisories/45125

REDHAT - RHSA-2011:1084

MLIST - [oss-security] 20110718 Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files

MLIST - [oss-security] 20110715 Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files

MLIST - [oss-security] 20110715 Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files

MLIST - [oss-security] 20110714 Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files

MLIST - [oss-security] 20110714 Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files

MLIST - [oss-security] 20110714 CVE Request -- libsndfile -- Integer overflow by processing certain PAF files

CONFIRM - http://www.mega-nerd.com/libsndfile/ChangeLog

MANDRIVA - MDVSA-2011:119

DEBIAN - DSA-2288

SECUNIA - 45433

SECUNIA - 45388

SECUNIA - 45384

SECUNIA - 45351

SECUNIA - 45125

FEDORA - FEDORA-2011-9325

Related Patches

Novell SUSE 2011:4902 libsndfile security update for SLE 11 SP1 i586

Novell SUSE 2011:7639 libsndfile security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:57:05