1. Home
  2. CVE Database
  3. CVE-2021-4156
HIGH · 7.1

CVE-2021-4156

An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application l...

Vulnerability Description

An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
Libsndfile ProjectLibsndfile1.1.10
DebianDebian Linux9.0

Related Weaknesses (CWE)

CWE-125

References

FAQ

What is CVE-2021-4156?

CVE-2021-4156 is a vulnerability with a CVSS score of 7.1 (HIGH). An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application l...

How severe is CVE-2021-4156?

CVE-2021-4156 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-4156?

Check the references section above for vendor advisories and patch information. Affected products include: Libsndfile Project Libsndfile, Debian Debian Linux.