CVE-2014-9756

Published: Nov 19, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.

Affected (8)

Products: Libsndfile Project: Libsndfile · Canonical: Ubuntu Linux · Opensuse: Leap, Opensuse

1 product

1 product

2 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libsndfile Project Libsndfile	Before 1.0.26

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.04
Canonical Ubuntu Linux	Version 15.10

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1
Opensuse Opensuse	Version 13.1
Opensuse Opensuse	Version 13.2

Related CWEs

CWE-369

Divide By Zero

The product divides a value by zero.

References (14)

http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2015-11/msg00145.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2014/12/24/3

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2015/11/03/9

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://www.ubuntu.com/usn/USN-2832-1

Source: cve@mitre.org

Third Party Advisory

https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/erikd/libsndfile/issues/92

Source: cve@mitre.org

ExploitThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html