Candidate: CVE-2021-4156
PublicDate: 2022-03-23 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4156
Description:
 An out-of-bounds read flaw was found in libsndfile's FLAC codec
 functionality. An attacker who is able to submit a specially crafted file
 (via tricking a user to open or otherwise) to an application linked with
 libsndfile and using the FLAC codec, could trigger an out-of-bounds read
 that would most likely cause a crash but could potentially leak memory
 information that could be used in further exploitation of other flaws.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://github.com/libsndfile/libsndfile/issues/731
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H [8.1 HIGH]


Patches_libsndfile:
 upstream: https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc (1.1.0beta1)
upstream_libsndfile: needs-triage
trusty/esm_libsndfile: needs-triage
esm-infra/xenial_libsndfile: needs-triage
trusty_libsndfile: ignored (out of standard support)
xenial_libsndfile: ignored (out of standard support)
bionic_libsndfile: needs-triage
focal_libsndfile: needs-triage
hirsute_libsndfile: ignored (reached end-of-life)
impish_libsndfile: needs-triage
jammy_libsndfile: needs-triage
devel_libsndfile: needs-triage