Advisories ยป MGASA-2015-0015

Updated libsndfile packages fix CVE-2014-9496

Publication date: 08 Jan 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9496


Updated libsndfile packages fix security vulnerabilities:

libsndfile contains multiple buffer-overflow vulnerabilities in src/sd2.c
because it fails to properly bounds-check user supplied input, which may
allow an attacker to execute arbitrary code or cause a denial of service

libsndfile contains a divide-by-zero error in src/file_io.c which may allow
an attacker to cause a denial of service.