CVE-2015-7805

Publication date 17 November 2015

Last updated 24 July 2024

Ubuntu priority

Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libsndfile	15.10 wily	Fixed 1.0.25-9.1ubuntu0.15.10.1
	15.04 vivid	Fixed 1.0.25-9.1ubuntu0.15.04.1
	14.04 LTS trusty	Fixed 1.0.25-7ubuntu2.1
	12.04 LTS precise	Fixed 1.0.25-4ubuntu0.1

How can I get the fixes?
What do statuses mean?

Notes

tyhicks

PoC available on exploit-db

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2832-1
libsndfile vulnerabilities
7 December 2015

Other references

http://www.nemux.org/2015/10/13/libsndfile-1-0-25-heap-overflow/
https://www.exploit-db.com/exploits/38447/
https://www.cve.org/CVERecord?id=CVE-2015-7805