Symonics Libmysofa 1.0

CPE Details

Symonics Libmysofa 1.0
symonics
libmysofa
1.0
2021-02-09
16h51 +00:00
2021-02-09
16h51 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:symonics:libmysofa:1.0:*:*:*:*:*:*:*

Informations

Vendor

symonics

Product

libmysofa

Version

1.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-3756 2021-10-29 13h55 +00:00 libmysofa is vulnerable to Heap-based Buffer Overflow
9.8
Critique
CVE-2020-36149 2021-02-08 19h13 +00:00 Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).
6.5
Moyen
CVE-2020-36150 2021-02-08 19h13 +00:00 Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated memory block.
6.5
Moyen
CVE-2020-36151 2021-02-08 19h13 +00:00 Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block.
6.5
Moyen
CVE-2020-36152 2021-02-08 19h13 +00:00 Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA.
8.8
Haute
CVE-2020-36148 2021-02-08 19h13 +00:00 Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).
6.5
Moyen
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.