{"id":"USN-2832-1","summary":"libsndfile vulnerabilities","details":"It was discovered that libsndfile incorrectly handled memory when parsing\nmalformed files. A remote attacker could use this issue to cause\nlibsndfile to crash, resulting in a denial of service. This issue only\napplied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9496)\n\nJoshua Rogers discovered that libsndfile incorrectly handled division when\nparsing malformed files. A remote attacker could use this issue to cause\nlibsndfile to crash, resulting in a denial of service. (CVE-2014-9756)\n\nMarco Romano discovered that libsndfile incorrectly handled certain\nmalformed AIFF files. A remote attacker could use this issue to cause\nlibsndfile to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2015-7805)\n","modified":"2026-04-22T09:18:56.674752Z","published":"2015-12-07T17:49:12Z","related":["UBUNTU-CVE-2014-9496","UBUNTU-CVE-2014-9756","UBUNTU-CVE-2015-7805"],"upstream":["CVE-2014-9496","CVE-2014-9756","CVE-2015-7805","UBUNTU-CVE-2014-9496","UBUNTU-CVE-2014-9756","UBUNTU-CVE-2015-7805"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2832-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-9496"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-9756"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-7805"}],"affected":[{"package":{"name":"libsndfile","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/libsndfile@1.0.25-7ubuntu2.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.25-7ubuntu2.1"}]}],"versions":["1.0.25-7ubuntu1","1.0.25-7ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_name":"libsndfile1","binary_version":"1.0.25-7ubuntu2.1"},{"binary_name":"sndfile-programs","binary_version":"1.0.25-7ubuntu2.1"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"severity":[{"type":"Ubuntu","score":"low"}],"id":"CVE-2014-9496"},{"severity":[{"type":"Ubuntu","score":"low"}],"id":"CVE-2014-9756"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-7805"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2832-1.json"}}],"schema_version":"1.7.5"}