CVE-2014-9756
Severity CVSS v4.0:
Pending analysis
Type:
CWE-369
Divide By Zero
Publication date:
19/11/2015
Last modified:
06/05/2026
Description
The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:libsndfile_project:libsndfile:*:*:*:*:*:*:*:* | 1.0.26 (excluding) | |
| cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00145.html
- http://www.openwall.com/lists/oss-security/2014/12/24/3
- http://www.openwall.com/lists/oss-security/2015/11/03/9
- http://www.ubuntu.com/usn/USN-2832-1
- https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6
- https://github.com/erikd/libsndfile/issues/92
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00145.html
- http://www.openwall.com/lists/oss-security/2014/12/24/3
- http://www.openwall.com/lists/oss-security/2015/11/03/9
- http://www.ubuntu.com/usn/USN-2832-1
- https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6
- https://github.com/erikd/libsndfile/issues/92