Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2021-4156

Published: March 23, 2022Last modified: September 30, 2023

Description

An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws.

Severity score breakdown

ParameterValue
Base score7.1
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionREQUIRED
ScopeUNCHANGED
ConfidentialityLOW
Integrity impactNONE
Availability impactHIGH
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSlibsndfileNot affected (1.1.0-r2)
StreamlibsndfileNot affected (1.2.2-r0)

References

ON THIS PAGE