CVE-2022-33064

HIGH

Libsndfile <1.1.0 - RCE

Title source: llm

Description

An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.

References (1)

[Exploit, Issue Tracking, Patch] https://github.com/libsndfile/libsndfile/issues/832

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 8.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-193

Status published

Products (1)

libsndfile_project/libsndfile 1.1.0

Published Jul 18, 2023

Tracked Since Feb 18, 2026