Source: libsndfile
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for libsndfile.

CVE-2021-4156[0]:
| An out-of-bounds read flaw was found in libsndfile's FLAC codec
| functionality. An attacker who is able to submit a specially crafted
| file (via tricking a user to open or otherwise) to an application
| linked with libsndfile and using the FLAC codec, could trigger an out-
| of-bounds read that would most likely cause a crash but could
| potentially leak memory information that could be used in further
| exploitation of other flaws.

https://github.com/libsndfile/libsndfile/issues/731
https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc (1.1.0beta1)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-4156
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4156

Please adjust the affected versions in the BTS as needed.