Vulnerability Description
The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mega-Nerd | Libsndfile | 1.0.20 |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
- http://secunia.com/advisories/35266Vendor Advisory
- http://www.securityfocus.com/bid/35126
- http://www.vupen.com/english/advisories/2009/1446Vendor Advisory
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
- http://secunia.com/advisories/35266Vendor Advisory
- http://www.securityfocus.com/bid/35126
- http://www.vupen.com/english/advisories/2009/1446Vendor Advisory
FAQ
What is CVE-2009-4835?
CVE-2009-4835 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of ser...
How severe is CVE-2009-4835?
CVE-2009-4835 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4835?
Check the references section above for vendor advisories and patch information. Affected products include: Mega-Nerd Libsndfile.