CVE-2011-2696
libsndfile - integer overflow
EPSS 8.9%
Description
Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow.
How to fix CVE-2011-2696
To remediate CVE-2011-2696, upgrade the affected package to a fixed version below.
- Debian/libsndfile—upgrade to 1.0.25-1 or later
- Debian/libsndfile—upgrade to 1.0.21-3+squeeze1 or later
Is CVE-2011-2696 being exploited?
Moderate — EPSS is 8.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.0.25-1
- from 0, < 1.0.21-3+squeeze1