CVE-2015-7805

Description

Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.

How to fix CVE-2015-7805

To remediate CVE-2015-7805, upgrade the affected package to a fixed version below.

• Debian/libsndfile—upgrade to 1.0.25-10 or later

Is CVE-2015-7805 being exploited?

Likely — EPSS is 58.5%, placing CVE-2015-7805 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (1)

• from 0, < 1.0.25-10

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2015-7805