CVE-2014-9496

low
Published 2015-01-16 · Modified 2026-05-06
CVSS v3
CVSS v2
2.1
VIR risk
2.1

Description

The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-9496

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/erikd/libsndfile/commit/dbe14f00030af5d3577f4cabbf9861db59e9c378

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.openwall.com/lists/oss-security/2015/01/04/4

OS impact

| OS | Version | Status | Fixed in |
|---|---|---|---|
| ubuntu ubuntu | 12.04 | affected | |
| ubuntu ubuntu | 14.04 | affected | |
| ubuntu ubuntu | 15.04 | affected | |
| ubuntu ubuntu | 15.10 | affected | |
| suse suse | 13.1 | affected | |
| suse suse | 13.2 | affected | |
| debian debian | 9.0 | affected | |
| debian debian | bookworm | fixed | 1.0.25-9.1 |
| debian debian | bullseye | fixed | 1.0.25-9.1 |
| debian debian | forky | fixed | 1.0.25-9.1 |
| debian debian | sid | fixed | 1.0.25-9.1 |
| debian debian | trixie | fixed | 1.0.25-9.1 |

Application impact

| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| libsndfile_project | libsndfile | {"endExcluding":"1.0.26"} | 1.0.26 |

References
