CVE-2022-33064

Name
CVE-2022-33064
Description
An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/libsndfile/libsndfile/issues/832

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:libsndfile_project:libsndfile:1.1.0:*:*:*:*:*:*:* libsndfile == None == 1.1.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libsndfile 3.17-main 1.1.0-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libsndfile 3.16-main 1.1.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable