CVE-2014-9756

libsndfile < 1.0.26 - Denial of Service via psf_fwrite Divide-By-Zero

Title source: llm

Description

The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.

References (7)

Core 7

Core References

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html

Exploit, Third Party Advisory x_refsource_confirm

https://github.com/erikd/libsndfile/issues/92

Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2014/12/24/3

Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2015/11/03/9

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2832-1

Patch, Third Party Advisory x_refsource_confirm

https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2015-11/msg00145.html

Scores

EPSS 0.0066

EPSS Percentile 71.5%

Details

CWE

CWE-369

Status published

Products (8)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 15.04

canonical/ubuntu_linux 15.10

libsndfile_project/libsndfile < 1.0.26

opensuse/leap 42.1

opensuse/opensuse 13.1

opensuse/opensuse 13.2

Published Nov 19, 2015

Tracked Since Feb 18, 2026