PublicDateAtUSN: 2015-01-16
Candidate: CVE-2014-9496
PublicDate: 2015-01-16 16:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9496
 https://ubuntu.com/security/notices/USN-2832-1
Description:
 The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to
 have unspecified impact via vectors related to a (1) map offset or (2) rsrc
 marker, which triggers an out-of-bounds read.
Ubuntu-Description:
Notes:
Bugs:
 https://github.com/erikd/libsndfile/issues/93
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774162
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:

Patches_libsndfile:
 upstream: https://github.com/erikd/libsndfile/commit/dbe14f00030af5d3577f4cabbf9861db59e9c378
upstream_libsndfile: released (1.0.25-10)
lucid_libsndfile: ignored (reached end-of-life)
precise_libsndfile: released (1.0.25-4ubuntu0.1)
trusty_libsndfile: released (1.0.25-7ubuntu2.1)
trusty/esm_libsndfile: released (1.0.25-7ubuntu2.1)
utopic_libsndfile: ignored (reached end-of-life)
vivid_libsndfile: not-affected (1.0.25-9.1)
wily_libsndfile: not-affected (1.0.25-9.1)
devel_libsndfile: not-affected (1.0.25-10)
vivid/stable-phone-overlay_libsndfile: not-affected (1.0.25-9.1)
vivid/ubuntu-core_libsndfile: DNE