Mega-nerdCVEs & Vulnerabilities

8 CVEs affecting Mega-nerd products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

libsndfile 72secret rabbit code 13
CVE-2015-7805CRITICALpoc

Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.

17 Nov 2015
9.3
CVSS
CVE-2011-2696MEDIUM

Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow.

27 Jul 2011
6.8
CVSS
CVE-2009-4835MEDIUM

The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file.

6 May 2010
4.3
CVSS
CVE-2009-1791CRITICAL

Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.

26 May 2009
9.3
CVSS
CVE-2009-1788CRITICAL

Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.

26 May 2009
9.3
CVSS
CVE-2009-0186CRITICAL

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

5 Mar 2009
9.3
CVSS
CVE-2008-5008CRITICAL

Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or libsamplerate) before 0.1.4, when "extreme low conversion ratios" are used, allows user-assisted attackers to have an unknown impact via a crafted audio file.

10 Nov 2008
9.3
CVSS
CVE-2007-4974HIGH

Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.

19 Sep 2007
7.5
CVSS
← PrevPage 1 / 1Next →