Libmysofa
CVE-2021-3756
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
libmysofa is vulnerable to Heap-based Buffer Overflow
AnalysisAI
libmysofa is vulnerable to Heap-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-122. Affected products include: Symonics Libmysofa, Fedoraproject Fedora.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header mess
hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json. Rated high
libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack con
Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. Rated critical sever
Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c. Rated critical severity (CVSS 9.8), t
treeRead in hdf/btree.c in libmysofa before 0.7 does not properly validate multiplications and additions. Rated critical
Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c. Rated high severity (CVSS 7.5), this vulner
Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. Rated high severity (
Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c. Rated high severity (CVSS 7.5)
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today