CVE-2011-2696

Related Files

Gentoo Linux Security Advisory 201312-14

Posted Dec 19, 2013

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201312-14 - An integer overflow in libsndfile might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.0.25 are affected.

tags | advisory, remote, denial of service, overflow, arbitrary

systems | linux, gentoo

advisories | CVE-2011-2696

SHA-256 | f7c23a9b011fc58c901e07dea8431f7de7ded4020406ceec1e4b3c9d4c647493

Download | Favorite | View

Debian Security Advisory 2288-1

Posted Jul 29, 2011

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2288-1 - Hossein Lotfi discovered an integer overflow in libsndfile's code to parse Paris Audio files, which could potentially lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary

systems | linux, debian

advisories | CVE-2011-2696

SHA-256 | 0942125455ecdca6e7d9c6ac052199e949491719d018fa17cc47170a2500f8b9

Download | Favorite | View

Ubuntu Security Notice USN-1174-1

Posted Jul 26, 2011

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1174-1 - Hossein Lotfi discovered that libsndfile did not properly verify the header length and number of channels for PARIS Audio Format (PAF) audio files. An attacker could exploit this to cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2011-2696

SHA-256 | d8a07393d327e356dc08baa0166d3b4019830cc109f2da3cd5f11f3a7cf88c95

Download | Favorite | View

Mandriva Linux Security Advisory 2011-119

Posted Jul 25, 2011

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-119 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the libsndfile library processed certain Ensoniq PARIS Audio Format audio files. An attacker could create a specially-crafted PAF file that, when opened, could cause an application using libsndfile to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary

systems | linux, mandriva

advisories | CVE-2011-2696

SHA-256 | f4d92c8716e0f50d58737fbae451fe31de12be5ea09eaecb84a3ce88e907f530

Download | Favorite | View

Red Hat Security Advisory 2011-1084-01

Posted Jul 21, 2011

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1084-01 - The libsndfile packages provide a library for reading and writing sound files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the libsndfile library processed certain Ensoniq PARIS Audio Format audio files. An attacker could create a specially-crafted PAF file that, when opened, could cause an application using libsndfile to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Users of libsndfile are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libsndfile must be restarted for the update to take effect.

tags | advisory, overflow, arbitrary

systems | linux, redhat

advisories | CVE-2011-2696

SHA-256 | 64418f665856a904afb78553df25f24bfa8c7c9e918895d3a71402bef34572bf

Download | Favorite | View