Bug#1051890: libsndfile: CVE-2022-33064
Source: libsndfile
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libsndfile.
CVE-2022-33064[0]:
| An off-by-one error in function wav_read_header in src/wav.c in
| Libsndfile 1.1.0, results in a write out of bound, which allows an
| attacker to execute arbitrary code, Denial of Service or other
| unspecified impacts.
https://github.com/libsndfile/libsndfile/issues/832
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-33064
https://www.cve.org/CVERecord?id=CVE-2022-33064
Please adjust the affected versions in the BTS as needed.
Reply to: