Symonics Libmysofa 0.8

CPE Details

Symonics Libmysofa 0.8
symonics
libmysofa
0.8
2020-01-08
13h41 +00:00
2020-01-08
13h41 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:symonics:libmysofa:0.8:*:*:*:*:*:*:*

Informations

Vendor

symonics

Product

libmysofa

Version

0.8

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-3756 2021-10-29 13h55 +00:00 libmysofa is vulnerable to Heap-based Buffer Overflow
9.8
Critical
CVE-2020-36149 2021-02-08 19h13 +00:00 Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).
6.5
Medium
CVE-2020-36150 2021-02-08 19h13 +00:00 Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated memory block.
6.5
Medium
CVE-2020-36151 2021-02-08 19h13 +00:00 Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block.
6.5
Medium
CVE-2020-36152 2021-02-08 19h13 +00:00 Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA.
8.8
High
CVE-2020-36148 2021-02-08 19h13 +00:00 Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).
6.5
Medium
CVE-2019-20016 2019-12-27 00h12 +00:00 libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c. NOTE: a download of v0.9 after 2019-12-06 should fully remediate this issue.
6.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.